ID

VAR-202202-0894


CVE

CVE-2022-20701


TITLE

plural  Cisco Small Business RV  Series router out-of-bounds write vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-004939

DESCRIPTION

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within confd_cli. The issue results from executing user commands at an unnecessarily high privilege level. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root

Trust: 2.34

sources: NVD: CVE-2022-20701 // JVNDB: JVNDB-2022-004939 // ZDI: ZDI-22-412 // VULMON: CVE-2022-20701

AFFECTED PRODUCTS

vendor:ciscomodel:rv340wscope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv345pscope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv340scope:lteversion:1.0.03.24

Trust: 1.0

vendor:ciscomodel:rv345scope:lteversion:1.0.03.24

Trust: 1.0

vendor:シスコシステムズmodel:rv340 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340w dual wan gigabit wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345p dual wan gigabit poe vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv340scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-412 // JVNDB: JVNDB-2022-004939 // NVD: CVE-2022-20701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20701
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20701
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20701
value: HIGH

Trust: 0.8

ZDI: CVE-2022-20701
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202202-175
value: HIGH

Trust: 0.6

VULMON: CVE-2022-20701
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20701
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-20701
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20701
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20701
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-20701
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-412 // VULMON: CVE-2022-20701 // JVNDB: JVNDB-2022-004939 // CNNVD: CNNVD-202202-175 // NVD: CVE-2022-20701 // NVD: CVE-2022-20701

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004939 // NVD: CVE-2022-20701

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-175

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-175

PATCH

title:cisco-sa-smb-mult-vuln-KA9PK6Durl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.8

title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.7

title:Cisco Small Business Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182685

Trust: 0.6

title:Cisco: Cisco Small Business RV Series Routers Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-KA9PK6D

Trust: 0.1

title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

title:Threatposturl:https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/

Trust: 0.1

sources: ZDI: ZDI-22-412 // VULMON: CVE-2022-20701 // JVNDB: JVNDB-2022-004939 // CNNVD: CNNVD-202202-175

EXTERNAL IDS

db:NVDid:CVE-2022-20701

Trust: 4.0

db:ZDIid:ZDI-22-412

Trust: 2.4

db:JVNDBid:JVNDB-2022-004939

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-15886

Trust: 0.7

db:CS-HELPid:SB2022020302

Trust: 0.6

db:CNNVDid:CNNVD-202202-175

Trust: 0.6

db:VULMONid:CVE-2022-20701

Trust: 0.1

sources: ZDI: ZDI-22-412 // VULMON: CVE-2022-20701 // JVNDB: JVNDB-2022-004939 // CNNVD: CNNVD-202202-175 // NVD: CVE-2022-20701

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-22-412/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-20701

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2022020302

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/

Trust: 0.1

sources: ZDI: ZDI-22-412 // VULMON: CVE-2022-20701 // JVNDB: JVNDB-2022-004939 // CNNVD: CNNVD-202202-175 // NVD: CVE-2022-20701

CREDITS

Benjamin Grap, Hanno Heinrichs and Lukas Kupczyk of CrowdStrike Intelligence

Trust: 0.7

sources: ZDI: ZDI-22-412

SOURCES

db:ZDIid:ZDI-22-412
db:VULMONid:CVE-2022-20701
db:JVNDBid:JVNDB-2022-004939
db:CNNVDid:CNNVD-202202-175
db:NVDid:CVE-2022-20701

LAST UPDATE DATE

2024-08-14T13:53:34.521000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-22-412date:2022-02-22T00:00:00
db:VULMONid:CVE-2022-20701date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-004939date:2023-05-11T09:08:00
db:CNNVDid:CNNVD-202202-175date:2022-03-24T00:00:00
db:NVDid:CVE-2022-20701date:2024-07-24T13:38:21.353

SOURCES RELEASE DATE

db:ZDIid:ZDI-22-412date:2022-02-22T00:00:00
db:VULMONid:CVE-2022-20701date:2022-02-10T00:00:00
db:JVNDBid:JVNDB-2022-004939date:2023-05-11T00:00:00
db:CNNVDid:CNNVD-202202-175date:2022-02-03T00:00:00
db:NVDid:CVE-2022-20701date:2022-02-10T18:15:09.087