ID

VAR-202205-0064


CVE

CVE-2022-20799


TITLE

OS command injection vulnerability in Cisco Small Business RV340 and RV345 routers

Trust: 0.8

sources: JVNDB: JVNDB-2022-010227

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco Small Business RV340 and RV345 routers contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco Small Business RV Series Routers is an RV series router from Cisco.

Trust: 2.25

sources: NVD: CVE-2022-20799 // JVNDB: JVNDB-2022-010227 // CNVD: CNVD-2022-89251 // VULMON: CVE-2022-20799

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-89251

AFFECTED PRODUCTS

vendor: cisco model: rv345 scope: lt version: 1.0.03.27

Trust: 1.0

vendor: cisco model: rv345p scope: lt version: 1.0.03.27

Trust: 1.0

vendor: cisco model: rv340 scope: lt version: 1.0.03.27

Trust: 1.0

vendor: cisco model: rv340w scope: lt version: 1.0.03.27

Trust: 1.0

vendor: Cisco Systems model: rv340w dual wan gigabit wireless-ac vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv345p dual wan gigabit poe vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv340 dual wan gigabit vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv345 dual wan gigabit vpn router scope: - version: -

Trust: 0.8

vendor: cisco model: small business rv340 scope: lte version: <=1.0.03.26

Trust: 0.6

vendor: cisco model: small business rv340w scope: lte version: <=1.0.03.26

Trust: 0.6

vendor: cisco model: small business rv345 scope: lte version: <=1.0.03.26

Trust: 0.6

vendor: cisco model: small business r345p scope: lte version: <=1.0.03.26

Trust: 0.6

sources: CNVD: CNVD-2022-89251 // JVNDB: JVNDB-2022-010227 // NVD: CVE-2022-20799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20799
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20799
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20799
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-89251
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202205-2128
value: HIGH

Trust: 0.6

VULMON: CVE-2022-20799
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20799
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-89251
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-20799
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20799
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20799
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-89251 // VULMON: CVE-2022-20799 // JVNDB: JVNDB-2022-010227 // CNNVD: CNNVD-202205-2128 // NVD: CVE-2022-20799 // NVD: CVE-2022-20799

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: CWE-78

Trust: 1.0

problemtype: OS command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-010227 // NVD: CVE-2022-20799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2128

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202205-2128

PATCH

title: cisco-sa-smb-rv-cmd-inj-8Pv9JMJD url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-rv-cmd-inj-8Pv9JMJD

Trust: 0.8

title: Patch for Cisco Small Business RV Series Routers Command Injection Vulnerability (CNVD-2022-89251) url: https://www.cnvd.org.cn/patchInfo/show/377431

Trust: 0.6

title: Cisco Small Business RV Series Routers Fixes for operating system command injection vulnerabilities url: http://123.124.177.30/web/xxk/bdxqById.tag?id=247265

Trust: 0.6

title: Cisco: Cisco Small Business RV Series Routers Command Injection Vulnerabilities url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-rv-cmd-inj-8Pv9JMJD

Trust: 0.1

title: CVE-2022-XXXX url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2022-89251 // VULMON: CVE-2022-20799 // JVNDB: JVNDB-2022-010227 // CNNVD: CNNVD-202205-2128

EXTERNAL IDS

db: NVD id: CVE-2022-20799

Trust: 3.9

db: JVNDB id: JVNDB-2022-010227

Trust: 0.8

db: CNVD id: CNVD-2022-89251

Trust: 0.6

db: CS-HELP id: SB2022050507

Trust: 0.6

db: CNNVD id: CNNVD-202205-2128

Trust: 0.6

db: VULMON id: CVE-2022-20799

Trust: 0.1

sources: CNVD: CNVD-2022-89251 // VULMON: CVE-2022-20799 // JVNDB: JVNDB-2022-010227 // CNNVD: CNNVD-202205-2128 // NVD: CVE-2022-20799

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-rv-cmd-inj-8pv9jmjd

Trust: 2.4

url:https://cxsecurity.com/cveshow/cve-2022-20799/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-20799

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022050507

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2022-89251 // VULMON: CVE-2022-20799 // JVNDB: JVNDB-2022-010227 // CNNVD: CNNVD-202205-2128 // NVD: CVE-2022-20799

SOURCES

db: CNVD id: CNVD-2022-89251
db: VULMON id: CVE-2022-20799
db: JVNDB id: JVNDB-2022-010227
db: CNNVD id: CNNVD-202205-2128
db: NVD id: CVE-2022-20799

LAST UPDATE DATE

2024-08-14T14:24:49.865000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2022-89251 date: 2022-12-22T00:00:00
db: VULMON id: CVE-2022-20799 date: 2023-11-07T00:00:00
db: JVNDB id: JVNDB-2022-010227 date: 2023-08-14T01:47:00
db: CNNVD id: CNNVD-202205-2128 date: 2023-07-25T00:00:00
db: NVD id: CVE-2022-20799 date: 2023-11-07T03:42:59.073

SOURCES RELEASE DATE

db: CNVD id: CNVD-2022-89251 date: 2022-12-22T00:00:00
db: VULMON id: CVE-2022-20799 date: 2022-05-04T00:00:00
db: JVNDB id: JVNDB-2022-010227 date: 2023-08-14T00:00:00
db: CNNVD id: CNNVD-202205-2128 date: 2022-05-04T00:00:00
db: NVD id: CVE-2022-20799 date: 2022-05-04T17:15:08.857