ID

VAR-202202-0330


CVE

CVE-2022-20712


TITLE

Out-of-bounds write vulnerability in multiple Cisco RV Dual WAN Gigabit VPN routers

Trust: 0.8

sources: JVNDB: JVNDB-2022-004426

DESCRIPTION

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory.

An out-of-bounds write vulnerability exists in multiple Cisco RV Dual WAN Gigabit VPN routers. Information may be obtained, information may be tampered with, and the device may be put into a denial of service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2022-20712 // JVNDB: JVNDB-2022-004426 // VULMON: CVE-2022-20712

AFFECTED PRODUCTS

vendor: cisco, model: rv340w, scope: lte, version: 1.0.03.24

Trust: 1.0

vendor: cisco, model: rv345p, scope: lte, version: 1.0.03.24

Trust: 1.0

vendor: cisco, model: rv340, scope: lte, version: 1.0.03.24

Trust: 1.0

vendor: cisco, model: rv345, scope: lte, version: 1.0.03.24

Trust: 1.0

vendor: Cisco Systems, model: rv340w dual wan gigabit wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv345 dual wan gigabit vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv345p dual wan gigabit poe vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv340 dual wan gigabit vpn router, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004426 // NVD: CVE-2022-20712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20712
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20712
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20712
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202202-174
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-20712
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20712
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-20712
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20712
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20712
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-20712 // JVNDB: JVNDB-2022-004426 // CNNVD: CNNVD-202202-174 // NVD: CVE-2022-20712 // NVD: CVE-2022-20712

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004426 // NVD: CVE-2022-20712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-174

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-174

PATCH

title: cisco-sa-smb-mult-vuln-KA9PK6D, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.8

title: Cisco Small Business Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182684

Trust: 0.6

title: Cisco: Cisco Small Business RV Series Routers Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20712 // JVNDB: JVNDB-2022-004426 // CNNVD: CNNVD-202202-174

EXTERNAL IDS

db: NVD, id: CVE-2022-20712

Trust: 3.3

db: JVNDB, id: JVNDB-2022-004426

Trust: 0.8

db: CS-HELP, id: SB2022020301

Trust: 0.6

db: CNNVD, id: CNNVD-202202-174

Trust: 0.6

db: VULMON, id: CVE-2022-20712

Trust: 0.1

sources: VULMON: CVE-2022-20712 // JVNDB: JVNDB-2022-004426 // CNNVD: CNNVD-202202-174 // NVD: CVE-2022-20712

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-20712

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2022020301

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULMON: CVE-2022-20712 // JVNDB: JVNDB-2022-004426 // CNNVD: CNNVD-202202-174 // NVD: CVE-2022-20712

SOURCES

db: VULMON, id: CVE-2022-20712
db: JVNDB, id: JVNDB-2022-004426
db: CNNVD, id: CNNVD-202202-174
db: NVD, id: CVE-2022-20712

LAST UPDATE DATE

2024-08-14T13:53:35.922000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-20712, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-004426, date: 2023-04-11T06:11:00
db: CNNVD, id: CNNVD-202202-174, date: 2022-02-23T00:00:00
db: NVD, id: CVE-2022-20712, date: 2023-11-07T03:42:42.143

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-20712, date: 2022-02-10T00:00:00
db: JVNDB, id: JVNDB-2022-004426, date: 2023-04-11T00:00:00
db: CNNVD, id: CNNVD-202202-174, date: 2022-02-03T00:00:00
db: NVD, id: CVE-2022-20712, date: 2022-02-10T18:15:09.693