Cisco Dual WAN Gigabit VPN Routers file overwrite | CVE-2022-20711
NAME
Cisco Dual WAN Gigabit VPN Routers file overwrite
- Platforms Affected:
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco RV345 Dual WAN Gigabit VPN Router
Cisco RV345P Dual WAN Gigabit POE VPN Router
- Risk Level: 8.2
- Exploitability: Unproven
- Consequences: File Manipulation
DESCRIPTION
Cisco Dual WAN Gigabit VPN Routers could allow a remote attacker to overwrite arbitrary files on the system, caused by insufficient input validation for specific components of the web UI. By sending specially crafted HTTP requests, an attacker could exploit this vulnerability to overwrite existing files or exfiltrate confidential data.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
- Remediation Level: Official Fix
MITIGATION
Refer to Cisco Security Advisory cisco-sa-smb-mult-vuln-KA9PK6D for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
- Reference Link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20711