Cisco Small Business RV Series Routers security bypass | CVE-2022-20703
NAME
Cisco Small Business RV Series Routers security bypass
- Platforms Affected:
  Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
  Cisco RV340 Dual WAN Gigabit VPN Router
  Cisco RV345 Dual WAN Gigabit VPN Router
  Cisco RV345P Dual WAN Gigabit POE VPN Router
  Cisco RV160 VPN Router
  Cisco RV160W Wireless-AC VPN Router
  Cisco RV260 VPN Router
  Cisco RV260P VPN Router with PoE
  Cisco RV260W Wireless-AC VPN Router
- Risk Level: 9.3
- Exploitability: Unproven
- Consequences: Bypass Security
DESCRIPTION
Cisco Small Business RV Series Routers could allow a local attacker to bypass security restrictions, caused by improper verification of software images in the software image verification feature. By loading unsigned software on the device, an attacker could exploit this vulnerability to install and boot a malicious software image or execute unsigned binaries on the device.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Cisco Security Advisory cisco-sa-smb-mult-vuln-KA9PK6D for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
- Reference Link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20703