Cisco Small Business RV Series Routers command execution | CVE-2022-20706
NAME
Cisco Small Business RV Series Routers command execution
- Platforms Affected:
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco RV345 Dual WAN Gigabit VPN Router
Cisco RV345P Dual WAN Gigabit POE VPN Router
Cisco RV160 VPN Router
Cisco RV160W Wireless-AC VPN Router
Cisco RV260 VPN Router
Cisco RV260P VPN Router with PoE
Cisco RV260W Wireless-AC VPN Router
- Risk Level:
8.3
- Exploitability:
Unproven
- Consequences:
Gain Access
DESCRIPTION
Cisco Small Business RV Series Routers could allow a remote attacker to execute arbitrary commands on the system, caused by insufficient validation of user-supplied input in the Open Plug and Play (PnP) module. By sending specially crafted input, an attacker who is in a man-in-the-middle position or who has an established foothold on a specific network device connected to the vulnerable router could exploit this vulnerability to inject and execute arbitrary commands on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Access Vector: Network
- Access Complexity: High
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Cisco Security Advisory cisco-sa-smb-mult-vuln-KA9PK6D for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20706