1.6 C
Paris
Wednesday, December 7, 2022

Cisco patched 15 Vulnerabilities in Cisco Small Business RV Series Routers

Cisco patched 15 flaws in Cisco Small Business RV Series Routers

On February 2, Cisco published an advisory for 15 vulnerabilities in its Small Business RV Series Routers. Three of the 15 vulnerabilities listed in the advisory received a CVSSv3 score of 10.0, the highest possible rating.

CVETypeCVSSv3Cisco BugIDs
CVE-2022-20699Remote Code Execution Vulnerability10.0CSCwa13836
CVE-2022-20700Privilege Escalation Vulnerability10.0CSCwa14564, CSCwa14565
CVE-2022-20701Privilege Escalation Vulnerability9.0CSCwa12836, CSCwa13119
CVE-2022-20702Privilege Escalation Vulnerability6.0CSCwa15167, CSCwa15168
CVE-2022-20703Digital Signature Verification Bypass Vulnerability9.3CSCwa12748, CSCwa13115
CVE-2022-20704SSL Certificate Validation Vulnerability4.8CSCwa13205, CSCwa13682
CVE-2022-20705Improper Session Management Vulnerability5.3CSCwa14601, CSCwa14602, CSCwa32432, CSCwa54598
CVE-2022-20706Command Injection Vulnerability8.3CSCwa14007, CSCwa14008
CVE-2022-20707Command Injection7.3CSCwa12732
CVE-2022-20708Command Injection10.0CSCwa13900
CVE-2022-20749Command Injection7.3CSCwa36774
CVE-2022-20709Arbitrary File Upload5.3CSCwa13882
CVE-2022-20710Denial of Service5.3CSCvz88279, CSCvz94704
CVE-2022-20711Arbitrary File Overwrite8.2CSCwa13888
CVE-2022-20712Remote Code Execution7.3CSCwa18769, CSCwa18770

Analysis

CVE-2022-20699 is a remote code execution (RCE) vulnerability in the Cisco RV340, RV340W, RV345 and RV345P Dual WAN Gigabit Routers. According to Cisco, the flaws exist due to an insufficient boundary check within the Secure Socket Layer Virtual Private Network (SSL VPN) module of these devices. A remote, unauthenticated attacker could exploit this flaw by sending a specially crafted HTTP request to a vulnerable device that is “acting as an SSL VPN Gateway.” Successful exploitation would grant an attacker arbitrary code execution on the device with root privileges.

- Advertisement -

CVE-2022-20700, CVE-2022-20701, CVE-2022-20702 are elevation of privilege vulnerabilities in the RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345 and RV345P routers. According to Cisco, these vulnerabilities reside in the web-based management interface of its Cisco Small Business RV Series Routers. The most severe of these three flaws is CVE-2022-20700. A remote, unauthenticated attacker could exploit this vulnerability by “submitting specific commands” to a vulnerable device. Successful exploitation would elevate the attacker’s privileges, allowing them to execute arbitrary commands as root.

CVE-2022-20707, CVE-2022-20708 and CVE-2022-20749 are RCE vulnerabilities in the Cisco RV340, RV340W, RV345 and RV345P Dual WAN Gigabit Routers. The most severe of these three flaws is CVE-2022-20708. According to Cisco, all three vulnerabilities reside in the web-based management interface of these devices. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a specially crafted input to a vulnerable device. Successful exploitation would grant an attacker arbitrary command execution privileges at the operating system level.

Cisco has released fixes for all 15 vulnerabilities for the RV340 and RV345 Series Routers, however a fix has not yet been released for their RV160 and RV260 Series .

Product IdentifierVulnerable VersionFixed Version
RV160, RV160W, RV260, RV260P, RV260W1.0.01.05 and belowFix Unavailable
RV340, RV340W, RV345 and RV345P1.0.03.241.0.03.26 and above

Thousands of Devices Publicly Accessible

At least 8,400 RV34X devices are publicly accessible

According to searches conducted on Shodan, there are at least 8,400* publicly accessible RV34X devices.

Router ModelResults
RV3451,706
RV345P616
RV340W607
RV3405,472
Total8,401
Website | + posts

Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.

Also Read