ID

VAR-202205-0065


CVE

CVE-2022-20801


TITLE

Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-22-724 // ZDI: ZDI-22-723

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco Small Business RV340 and RV345 The router has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the handling of set-snmp JSON RPC requests. When parsing the usmUserPrivKey parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Cisco Small Business RV Series Routers is an RV series router of Cisco (Cisco)

Trust: 3.51

sources: NVD: CVE-2022-20801 // JVNDB: JVNDB-2022-010226 // ZDI: ZDI-22-724 // ZDI: ZDI-22-723 // CNVD: CNVD-2022-89252 // VULMON: CVE-2022-20801

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-89252

AFFECTED PRODUCTS

vendor:ciscomodel:rv340scope: - version: -

Trust: 1.4

vendor:ciscomodel:rv345scope:ltversion:1.0.03.27

Trust: 1.0

vendor:ciscomodel:rv345pscope:ltversion:1.0.03.27

Trust: 1.0

vendor:ciscomodel:rv340scope:ltversion:1.0.03.27

Trust: 1.0

vendor:ciscomodel:rv340wscope:ltversion:1.0.03.27

Trust: 1.0

vendor:シスコシステムズmodel:rv340w dual wan gigabit wireless-ac vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345p dual wan gigabit poe vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340 dual wan gigabit vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345 dual wan gigabit vpn ルータscope: - version: -

Trust: 0.8

vendor:ciscomodel:small business rv340scope:lteversion:<=1.0.03.26

Trust: 0.6

vendor:ciscomodel:small business rv340wscope:lteversion:<=1.0.03.26

Trust: 0.6

vendor:ciscomodel:small business rv345scope:lteversion:<=1.0.03.26

Trust: 0.6

vendor:ciscomodel:small business r345pscope:lteversion:<=1.0.03.26

Trust: 0.6

sources: ZDI: ZDI-22-724 // ZDI: ZDI-22-723 // CNVD: CNVD-2022-89252 // JVNDB: JVNDB-2022-010226 // NVD: CVE-2022-20801

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2022-20801
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2022-20801
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20801
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20801
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-89252
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202205-2127
value: HIGH

Trust: 0.6

VULMON: CVE-2022-20801
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20801
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-89252
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ZDI: CVE-2022-20801
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.9
impactScore: 3.4
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2022-20801
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20801
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20801
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-22-724 // ZDI: ZDI-22-723 // CNVD: CNVD-2022-89252 // VULMON: CVE-2022-20801 // JVNDB: JVNDB-2022-010226 // CNNVD: CNNVD-202205-2127 // NVD: CVE-2022-20801 // NVD: CVE-2022-20801

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-010226 // NVD: CVE-2022-20801

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2127

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202205-2127

PATCH

title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-rv-cmd-inj-8Pv9JMJD

Trust: 1.4

title:cisco-sa-smb-rv-cmd-inj-8Pv9JMJDurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-rv-cmd-inj-8Pv9JMJD

Trust: 0.8

title:Cisco Small Business RV Series Routers Fixes for operating system command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=247264

Trust: 0.6

title:Cisco: Cisco Small Business RV Series Routers Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-rv-cmd-inj-8Pv9JMJD

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: ZDI: ZDI-22-724 // ZDI: ZDI-22-723 // VULMON: CVE-2022-20801 // JVNDB: JVNDB-2022-010226 // CNNVD: CNNVD-202205-2127

EXTERNAL IDS

db:NVDid:CVE-2022-20801

Trust: 5.3

db:JVNDBid:JVNDB-2022-010226

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-15637

Trust: 0.7

db:ZDIid:ZDI-22-724

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-15633

Trust: 0.7

db:ZDIid:ZDI-22-723

Trust: 0.7

db:CNVDid:CNVD-2022-89252

Trust: 0.6

db:CS-HELPid:SB2022050507

Trust: 0.6

db:CNNVDid:CNNVD-202205-2127

Trust: 0.6

db:VULMONid:CVE-2022-20801

Trust: 0.1

sources: ZDI: ZDI-22-724 // ZDI: ZDI-22-723 // CNVD: CNVD-2022-89252 // VULMON: CVE-2022-20801 // JVNDB: JVNDB-2022-010226 // CNNVD: CNNVD-202205-2127 // NVD: CVE-2022-20801

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-rv-cmd-inj-8pv9jmjd

Trust: 3.8

url:https://cxsecurity.com/cveshow/cve-2022-20801/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-20801

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022050507

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: ZDI: ZDI-22-724 // ZDI: ZDI-22-723 // CNVD: CNVD-2022-89252 // VULMON: CVE-2022-20801 // JVNDB: JVNDB-2022-010226 // CNNVD: CNNVD-202205-2127 // NVD: CVE-2022-20801

CREDITS

Anonymous

Trust: 1.4

sources: ZDI: ZDI-22-724 // ZDI: ZDI-22-723

SOURCES

db:ZDIid:ZDI-22-724
db:ZDIid:ZDI-22-723
db:CNVDid:CNVD-2022-89252
db:VULMONid:CVE-2022-20801
db:JVNDBid:JVNDB-2022-010226
db:CNNVDid:CNNVD-202205-2127
db:NVDid:CVE-2022-20801

LAST UPDATE DATE

2024-08-14T14:24:49.897000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-22-724date:2022-05-09T00:00:00
db:ZDIid:ZDI-22-723date:2022-05-09T00:00:00
db:CNVDid:CNVD-2022-89252date:2022-12-22T00:00:00
db:VULMONid:CVE-2022-20801date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-010226date:2023-08-14T01:44:00
db:CNNVDid:CNNVD-202205-2127date:2023-07-25T00:00:00
db:NVDid:CVE-2022-20801date:2023-11-07T03:42:59.467

SOURCES RELEASE DATE

db:ZDIid:ZDI-22-724date:2022-05-09T00:00:00
db:ZDIid:ZDI-22-723date:2022-05-09T00:00:00
db:CNVDid:CNVD-2022-89252date:2022-05-07T00:00:00
db:VULMONid:CVE-2022-20801date:2022-05-04T00:00:00
db:JVNDBid:JVNDB-2022-010226date:2023-08-14T00:00:00
db:CNNVDid:CNNVD-202205-2127date:2022-05-04T00:00:00
db:NVDid:CVE-2022-20801date:2022-05-04T17:15:08.913