ID

VAR-202202-0329


CVE

CVE-2022-20704


TITLE

Out-of-bounds write vulnerability in multiple Cisco Small Business RV Series routers

Trust: 0.8

sources: JVNDB: JVNDB-2022-004937

DESCRIPTION

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following:

- Execute arbitrary code
- Elevate privileges
- Execute arbitrary commands
- Bypass authentication and authorization protections
- Fetch and run unsigned software
- Cause denial of service (DoS)

For more information about these vulnerabilities, see the Details section of this advisory.

Multiple Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability. Information may be obtained and information may be tampered with.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device. The specific flaw exists within the downloading of firmware files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of root.

Trust: 2.34

sources: NVD: CVE-2022-20704 // JVNDB: JVNDB-2022-004937 // ZDI: ZDI-22-413 // VULMON: CVE-2022-20704

AFFECTED PRODUCTS

vendor: cisco, model: rv160, scope: lte, version: 1.0.01.05

Trust: 1.0

vendor: cisco, model: rv345p, scope: lte, version: 1.0.03.24

Trust: 1.0

vendor: cisco, model: rv260, scope: lte, version: 1.0.01.05

Trust: 1.0

vendor: cisco, model: rv340w, scope: lte, version: 1.0.03.24

Trust: 1.0

vendor: cisco, model: rv345, scope: lte, version: 1.0.03.24

Trust: 1.0

vendor: cisco, model: rv160w, scope: lte, version: 1.0.01.05

Trust: 1.0

vendor: cisco, model: rv260w, scope: lte, version: 1.0.01.05

Trust: 1.0

vendor: cisco, model: rv260p, scope: lte, version: 1.0.01.05

Trust: 1.0

vendor: cisco, model: rv340, scope: lte, version: 1.0.03.24

Trust: 1.0

vendor: Cisco Systems, model: rv260 vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv260p vpn router with poe, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv260w wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv160w wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv160 vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv345p dual wan gigabit poe vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv340 dual wan gigabit vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv340w dual wan gigabit wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv345 dual wan gigabit vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv340, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-22-413 // JVNDB: JVNDB-2022-004937 // NVD: CVE-2022-20704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20704
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20704
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20704
value: MEDIUM

Trust: 0.8

ZDI: CVE-2022-20704
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202202-165
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-20704
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20704
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-20704
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20704
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20704
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-20704
baseSeverity: HIGH
baseScore: 7.1
vectorString: AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-413 // VULMON: CVE-2022-20704 // JVNDB: JVNDB-2022-004937 // CNNVD: CNNVD-202202-165 // NVD: CVE-2022-20704 // NVD: CVE-2022-20704

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004937 // NVD: CVE-2022-20704

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-165

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-165

PATCH

title: cisco-sa-smb-mult-vuln-KA9PK6D
url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.8

title: Cisco has issued an update to correct this vulnerability.
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.7

title: Cisco Small Business Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183258

Trust: 0.6

title: Cisco: Cisco Small Business RV Series Routers Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: ZDI: ZDI-22-413 // VULMON: CVE-2022-20704 // JVNDB: JVNDB-2022-004937 // CNNVD: CNNVD-202202-165

EXTERNAL IDS

db: NVD, id: CVE-2022-20704

Trust: 4.0

db: ZDI, id: ZDI-22-413

Trust: 2.4

db: JVNDB, id: JVNDB-2022-004937

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-15810

Trust: 0.7

db: CS-HELP, id: SB2022020301

Trust: 0.6

db: CNNVD, id: CNNVD-202202-165

Trust: 0.6

db: VULMON, id: CVE-2022-20704

Trust: 0.1

sources: ZDI: ZDI-22-413 // VULMON: CVE-2022-20704 // JVNDB: JVNDB-2022-004937 // CNNVD: CNNVD-202202-165 // NVD: CVE-2022-20704

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-22-413/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-20704

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2022020301

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: ZDI: ZDI-22-413 // VULMON: CVE-2022-20704 // JVNDB: JVNDB-2022-004937 // CNNVD: CNNVD-202202-165 // NVD: CVE-2022-20704

CREDITS

Gaurav Baruah

Trust: 0.7

sources: ZDI: ZDI-22-413

SOURCES

db: ZDI, id: ZDI-22-413
db: VULMON, id: CVE-2022-20704
db: JVNDB, id: JVNDB-2022-004937
db: CNNVD, id: CNNVD-202202-165
db: NVD, id: CVE-2022-20704

LAST UPDATE DATE

2024-08-14T13:53:35.860000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-22-413, date: 2022-02-22T00:00:00
db: VULMON, id: CVE-2022-20704, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-004937, date: 2023-05-11T09:08:00
db: CNNVD, id: CNNVD-202202-165, date: 2022-02-25T00:00:00
db: NVD, id: CVE-2022-20704, date: 2023-11-07T03:42:40.520

SOURCES RELEASE DATE

db: ZDI, id: ZDI-22-413, date: 2022-02-22T00:00:00
db: VULMON, id: CVE-2022-20704, date: 2022-02-10T00:00:00
db: JVNDB, id: JVNDB-2022-004937, date: 2023-05-11T00:00:00
db: CNNVD, id: CNNVD-202202-165, date: 2022-02-03T00:00:00
db: NVD, id: CVE-2022-20704, date: 2022-02-10T18:15:09.253