Details of VAR-202202-1278

ID

VAR-202202-1278

CVE

CVE-2022-20699

TITLE

plural Cisco Small Business RV Series router out-of-bounds write vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-004941

DESCRIPTION

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SSL VPN service, which listens on TCP port 8443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root

Trust: 2.34

sources: NVD: CVE-2022-20699 // JVNDB: JVNDB-2022-004941 // ZDI: ZDI-22-414 // VULMON: CVE-2022-20699

AFFECTED PRODUCTS

vendor:	cisco	model:	rv340w	scope:	lte	version:	1.0.03.24	Trust: 1.0
vendor:	cisco	model:	rv345p	scope:	lte	version:	1.0.03.24	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	lte	version:	1.0.03.24	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	lte	version:	1.0.03.24	Trust: 1.0
vendor:	シスコシステムズ	model:	rv340 dual wan gigabit vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv345p dual wan gigabit poe vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv345 dual wan gigabit vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv340	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-22-414 // JVNDB: JVNDB-2022-004941 // NVD: CVE-2022-20699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20699
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20699
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-20699
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2022-20699
value:	CRITICAL
Trust: 0.7
CNNVD:	CNNVD-202202-120
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2022-20699
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20699
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2022-20699
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20699
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20699
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2022-20699
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-414 // VULMON: CVE-2022-20699 // JVNDB: JVNDB-2022-004941 // CNNVD: CNNVD-202202-120 // NVD: CVE-2022-20699 // NVD: CVE-2022-20699

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-1284	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-004941 // NVD: CVE-2022-20699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-120

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-120

PATCH

title:	cisco-sa-smb-mult-vuln-KA9PK6D	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D	Trust: 1.5
title:	Cisco Rv340 Dual Wan Gigabit Vpn Router Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=182666	Trust: 0.6
title:	Cisco: Cisco Small Business RV Series Routers Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-KA9PK6D	Trust: 0.1
title:	CVE-2022-20699 🎧	url:	https://github.com/Audiobahn/CVE-2022-20699	Trust: 0.1
title:	CVE-2022-20699 🎧	url:	https://github.com/rohankumardubey/CVE-2022-20699	Trust: 0.1
title:	CVE-2022-20699 🎧	url:	https://github.com/puckiestyle/CVE-2022-20699	Trust: 0.1
title:	Exploits and Advisories CVEs Exploits	url:	https://github.com/rdomanski/Exploits_and_Advisories	Trust: 0.1
title:	搜集 2022 年的漏洞	url:	https://github.com/binganao/vulns-2022	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/JERRY123S/all-poc	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/weeka10/-hktalent-TOP	Trust: 0.1
title:	TOP Table of Contents Donation	url:	https://github.com/cyberanand1337x/bug-bounty-2022	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/soosmile/POC	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/manas3c/CVE-POC	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: ZDI: ZDI-22-414 // VULMON: CVE-2022-20699 // JVNDB: JVNDB-2022-004941 // CNNVD: CNNVD-202202-120

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20699	Trust: 4.0
db:	ZDI	id:	ZDI-22-414	Trust: 2.4
db:	PACKETSTORM	id:	167113	Trust: 1.7
db:	JVNDB	id:	JVNDB-2022-004941	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-15784	Trust: 0.7
db:	CS-HELP	id:	SB2022020215	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-120	Trust: 0.6
db:	VULMON	id:	CVE-2022-20699	Trust: 0.1

sources: ZDI: ZDI-22-414 // VULMON: CVE-2022-20699 // JVNDB: JVNDB-2022-004941 // CNNVD: CNNVD-202202-120 // NVD: CVE-2022-20699

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d	Trust: 2.4
url:	https://www.zerodayinitiative.com/advisories/zdi-22-414/	Trust: 2.4
url:	http://packetstormsecurity.com/files/167113/cisco-rv340-ssl-vpn-unauthenticated-remote-code-execution.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20699	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020215	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/1284.html	Trust: 0.1
url:	https://github.com/audiobahn/cve-2022-20699	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-22-414 // VULMON: CVE-2022-20699 // JVNDB: JVNDB-2022-004941 // CNNVD: CNNVD-202202-120 // NVD: CVE-2022-20699

CREDITS

Flashback Team: Pedro Ribeiro (@pedrib1337) && Radek Domanski (@RabbitPro)

Trust: 1.3

sources: ZDI: ZDI-22-414 // CNNVD: CNNVD-202202-120

SOURCES

db:	ZDI	id:	ZDI-22-414
db:	VULMON	id:	CVE-2022-20699
db:	JVNDB	id:	JVNDB-2022-004941
db:	CNNVD	id:	CNNVD-202202-120
db:	NVD	id:	CVE-2022-20699

LAST UPDATE DATE

2024-08-14T14:55:36.514000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-414	date:	2022-02-22T00:00:00
db:	VULMON	id:	CVE-2022-20699	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-004941	date:	2023-05-11T09:08:00
db:	CNNVD	id:	CNNVD-202202-120	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-20699	date:	2024-07-24T13:48:50.880

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-414	date:	2022-02-22T00:00:00
db:	VULMON	id:	CVE-2022-20699	date:	2022-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-004941	date:	2023-05-11T00:00:00
db:	CNNVD	id:	CNNVD-202202-120	date:	2022-02-02T00:00:00
db:	NVD	id:	CVE-2022-20699	date:	2022-02-10T18:15:08.980