Cisco Small Business and Dual WAN Gigabit VPN Routers code execution | CVE-2022-20699
NAME
Cisco Small Business and Dual WAN Gigabit VPN Routers code execution
- Platforms Affected:
  Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
  Cisco RV340 Dual WAN Gigabit VPN Router
  Cisco RV345 Dual WAN Gigabit VPN Router
  Cisco RV345P Dual WAN Gigabit POE VPN Router
- Risk Level: 10
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
Cisco Small Business and Dual WAN Gigabit VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by insufficient boundary checks when processing specific HTTP requests. By sending specially crafted HTTP requests, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Cisco Security Advisory cisco-sa-smb-mult-vuln-KA9PK6D for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
- Reference Link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20699