Cisco has released a Critical security update for multiple vulnerabilities in Small Business RV Routers. Several of those vulnerabilities are rated Critical severity and carry the highest possible CVSS score of 10.0.
An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.
Cisco’s Product Security Incident Response Team (PSIRT) also warned “it is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.”
CVE-2022-20699
One of the most severe issues is an SSL VPN remote code execution vulnerability (CVE-2022-20699) that affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.
“This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP requests to the affected device that is acting as an SSL VPN Gateway. A successful exploit could allow the attacker to execute code with root privileges on the affected device,” Cisco stated.
This issue has a base CVSS score of 10.0 (the highest rating possible).
CVE-2022-20700, CVE-2022-20701
Two additional Critical privilege escalation vulnerabilities (CVE-2022-20700, CVE-2022-20701) impact the web-based management interface of Cisco Small Business RV Series Routers.
Successful exploitation of these vulnerabilities could allow a remote attacker to elevate their privileges to root.
“These vulnerabilities are due to insufficient authorization enforcement mechanisms. An attacker could exploit these vulnerabilities by submitting specific commands to an affected device. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the affected system,” Cisco noted.
The more severe of the two (CVE-2022-20700) also has a CVSS score of 10.0. CVE-2022-20701 is also rated Critical, with a CVSS score of 9.0. Cisco also addressed a Medium severity issue, CVE-2022-20702, in the Small Business RV routers.
CVE-2022-20703
In addition, Cisco addressed a digital signature bypass vulnerability (CVE-2022-20703) that affects Cisco Small Business RV Series Routers.
“A vulnerability in the software image verification feature of Cisco Small Business RV Series Routers could allow an unauthenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device,” Cisco added.
This issue carries a Critical severity rating and a CVSS score of 9.3.
CVE-2022-20708
Rounding out the Critical issues is a command injection vulnerability (CVE-2022-20708) that affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.
“These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system,” Cisco wrote.
This issue has a base CVSS score of 10.0.
Multiple other command injection vulnerabilities were also patched, as noted in the section below.
Other vulnerabilities
Finally, Cisco also patched the following vulnerabilities as noted in the security advisory:
- CVE-2022-20704: Cisco Small Business RV Series Routers SSL Certificate Validation Vulnerability
- CVE-2022-20705: Cisco Small Business RV Series Routers Improper Session Management Vulnerability
- CVE-2022-20706: Cisco RV Series Routers Open Plug and Play Command Injection Vulnerability
- CVE-2022-20707, CVE-2022-20749: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Command Injection Vulnerabilities
- CVE-2022-20709: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability
- CVE-2022-20710: Cisco Small Business RV Series Routers GUI Denial of Service Vulnerability
- CVE-2022-20711: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Overwrite Vulnerability
- CVE-2022-20712: Cisco Small Business RV Series Routers Upload Module Remote Code Execution Vulnerability