ID

VAR-202202-0320


CVE

CVE-2022-20708


TITLE

plural  Cisco Small Business RV  Series router out-of-bounds write vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-005341

DESCRIPTION

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the handling of the update-clients method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root

Trust: 2.34

sources: NVD: CVE-2022-20708 // JVNDB: JVNDB-2022-005341 // ZDI: ZDI-22-417 // VULMON: CVE-2022-20708

AFFECTED PRODUCTS

vendor:ciscomodel:rv340wscope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv345pscope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv340scope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv345scope:lteversion:1.0.03.24

Trust: 1.0

vendor:シスコシステムズmodel:rv345p dual wan gigabit poe vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345 dual wan gigabit vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340w dual wan gigabit wireless-ac vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340 dual wan gigabit vpn ルータscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv340scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-417 // JVNDB: JVNDB-2022-005341 // NVD: CVE-2022-20708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20708
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20708
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20708
value: CRITICAL

Trust: 0.8

ZDI: CVE-2022-20708
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202202-168
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-20708
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20708
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-20708
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20708
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20708
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-20708
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-417 // VULMON: CVE-2022-20708 // JVNDB: JVNDB-2022-005341 // CNNVD: CNNVD-202202-168 // NVD: CVE-2022-20708 // NVD: CVE-2022-20708

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005341 // NVD: CVE-2022-20708

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-168

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202202-168

PATCH

title:cisco-sa-smb-mult-vuln-KA9PK6Durl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.8

title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.7

title:Cisco Small Business Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=182679

Trust: 0.6

title:Cisco: Cisco Small Business RV Series Routers Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.1

title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

title:Threatposturl:https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/

Trust: 0.1

sources: ZDI: ZDI-22-417 // VULMON: CVE-2022-20708 // JVNDB: JVNDB-2022-005341 // CNNVD: CNNVD-202202-168

EXTERNAL IDS

db:NVDid:CVE-2022-20708

Trust: 4.0

db:ZDIid:ZDI-22-417

Trust: 2.4

db:JVNDBid:JVNDB-2022-005341

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-15893

Trust: 0.7

db:CS-HELPid:SB2022020301

Trust: 0.6

db:CNNVDid:CNNVD-202202-168

Trust: 0.6

db:VULMONid:CVE-2022-20708

Trust: 0.1

sources: ZDI: ZDI-22-417 // VULMON: CVE-2022-20708 // JVNDB: JVNDB-2022-005341 // CNNVD: CNNVD-202202-168 // NVD: CVE-2022-20708

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-22-417/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-20708

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2022020301

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/

Trust: 0.1

sources: ZDI: ZDI-22-417 // VULMON: CVE-2022-20708 // JVNDB: JVNDB-2022-005341 // CNNVD: CNNVD-202202-168 // NVD: CVE-2022-20708

CREDITS

Q. Kaiser from IoT Inspector Research Lab

Trust: 1.3

sources: ZDI: ZDI-22-417 // CNNVD: CNNVD-202202-168

SOURCES

db:ZDIid:ZDI-22-417
db:VULMONid:CVE-2022-20708
db:JVNDBid:JVNDB-2022-005341
db:CNNVDid:CNNVD-202202-168
db:NVDid:CVE-2022-20708

LAST UPDATE DATE

2024-08-14T13:53:35.686000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-22-417date:2022-02-22T00:00:00
db:VULMONid:CVE-2022-20708date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-005341date:2023-05-29T06:45:00
db:CNNVDid:CNNVD-202202-168date:2023-06-28T00:00:00
db:NVDid:CVE-2022-20708date:2024-07-24T13:34:53.930

SOURCES RELEASE DATE

db:ZDIid:ZDI-22-417date:2022-02-22T00:00:00
db:VULMONid:CVE-2022-20708date:2022-02-10T00:00:00
db:JVNDBid:JVNDB-2022-005341date:2023-05-29T00:00:00
db:CNNVDid:CNNVD-202202-168date:2022-02-03T00:00:00
db:NVDid:CVE-2022-20708date:2022-02-10T18:15:09.467