Cisco Small Business RV Series Routers privilege escalation | CVE-2022-20700
NAME
Cisco Small Business RV Series Routers privilege escalation
- Platforms Affected:
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco RV345 Dual WAN Gigabit VPN Router
Cisco RV345P Dual WAN Gigabit POE VPN Router
Cisco RV160 VPN Router
Cisco RV160W Wireless-AC VPN Router
Cisco RV260 VPN Router
Cisco RV260P VPN Router with PoE
Cisco RV260W Wireless-AC VPN Router
- Risk Level:
10
- Exploitability:
Unproven
- Consequences:
Gain Privileges
DESCRIPTION
Cisco Small Business RV Series Routers could allow a remote attacker to gain elevated privileges on the system, caused by insufficient authorization enforcement mechanisms in the web-based management interface. By submitting specific commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Cisco Security Advisory cisco-sa-smb-mult-vuln-KA9PK6D for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20700