ID

VAR-202205-0066


CVE

CVE-2022-20753


TITLE

Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-22-756 // ZDI: ZDI-22-803 // ZDI: ZDI-22-802

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. Cisco Small Business RV340 and RV345 Routers contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of set-snmp JSON RPC requests. When parsing the usmUserEngineID parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Cisco Small Business RV Series Routers are a series of routers from Cisco.

Trust: 4.14

sources: NVD: CVE-2022-20753 // JVNDB: JVNDB-2022-010071 // ZDI: ZDI-22-756 // ZDI: ZDI-22-803 // ZDI: ZDI-22-802 // CNVD: CNVD-2022-89246 // VULMON: CVE-2022-20753

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-89246

AFFECTED PRODUCTS

vendor: cisco model: rv340 scope: - version: -

Trust: 2.1

vendor: cisco model: rv345 scope: lt version: 1.0.03.27

Trust: 1.0

vendor: cisco model: rv345p scope: lt version: 1.0.03.27

Trust: 1.0

vendor: cisco model: rv340 scope: lt version: 1.0.03.27

Trust: 1.0

vendor: cisco model: rv340w scope: lt version: 1.0.03.27

Trust: 1.0

vendor: Cisco Systems model: rv345p dual wan gigabit poe vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv340 dual wan gigabit vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv340w dual wan gigabit wireless-ac vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv345 dual wan gigabit vpn router scope: - version: -

Trust: 0.8

vendor: cisco model: small business rv340 scope: lte version: <=1.0.03.26

Trust: 0.6

vendor: cisco model: small business rv340w scope: lte version: <=1.0.03.26

Trust: 0.6

vendor: cisco model: small business rv345 scope: lte version: <=1.0.03.26

Trust: 0.6

vendor: cisco model: small business r345p scope: lte version: <=1.0.03.26

Trust: 0.6

sources: ZDI: ZDI-22-756 // ZDI: ZDI-22-803 // ZDI: ZDI-22-802 // CNVD: CNVD-2022-89246 // JVNDB: JVNDB-2022-010071 // NVD: CVE-2022-20753

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2022-20753
value: MEDIUM

Trust: 2.1

nvd@nist.gov: CVE-2022-20753
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20753
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20753
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-89246
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202205-2137
value: HIGH

Trust: 0.6

VULMON: CVE-2022-20753
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20753
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-89246
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ZDI: CVE-2022-20753
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.9
impactScore: 3.4
version: 3.0

Trust: 2.1

nvd@nist.gov: CVE-2022-20753
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20753
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20753
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-22-756 // ZDI: ZDI-22-803 // ZDI: ZDI-22-802 // CNVD: CNVD-2022-89246 // VULMON: CVE-2022-20753 // JVNDB: JVNDB-2022-010071 // CNNVD: CNNVD-202205-2137 // NVD: CVE-2022-20753 // NVD: CVE-2022-20753

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-010071 // NVD: CVE-2022-20753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2137

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2137

PATCH

title: Cisco has issued an update to correct this vulnerability. url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-rce-OYLQbL9u

Trust: 2.1

title: cisco-sa-sbrv-rce-OYLQbL9u url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-rce-OYLQbL9u

Trust: 0.8

title: Patch for Cisco Small Business RV Series Routers Remote Code Execution Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/377356

Trust: 0.6

title: Cisco Small Business RV Series Routers Buffer error vulnerability fix url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192436

Trust: 0.6

title: Cisco: Cisco Small Business RV Series Routers Remote Code Execution Vulnerability url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sbrv-rce-OYLQbL9u

Trust: 0.1

title: CVE-2022-XXXX url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: ZDI: ZDI-22-756 // ZDI: ZDI-22-803 // ZDI: ZDI-22-802 // CNVD: CNVD-2022-89246 // VULMON: CVE-2022-20753 // JVNDB: JVNDB-2022-010071 // CNNVD: CNNVD-202205-2137

EXTERNAL IDS

db: NVD id: CVE-2022-20753

Trust: 6.0

db: JVNDB id: JVNDB-2022-010071

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-15635

Trust: 0.7

db: ZDI id: ZDI-22-756

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-15636

Trust: 0.7

db: ZDI id: ZDI-22-803

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-15634

Trust: 0.7

db: ZDI id: ZDI-22-802

Trust: 0.7

db: CNVD id: CNVD-2022-89246

Trust: 0.6

db: CS-HELP id: SB2022050507

Trust: 0.6

db: CNNVD id: CNNVD-202205-2137

Trust: 0.6

db: VULMON id: CVE-2022-20753

Trust: 0.1

sources: ZDI: ZDI-22-756 // ZDI: ZDI-22-803 // ZDI: ZDI-22-802 // CNVD: CNVD-2022-89246 // VULMON: CVE-2022-20753 // JVNDB: JVNDB-2022-010071 // CNNVD: CNNVD-202205-2137 // NVD: CVE-2022-20753

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbrv-rce-oylqbl9u

Trust: 4.5

url:https://cxsecurity.com/cveshow/cve-2022-20753/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-20753

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022050507

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: ZDI: ZDI-22-756 // ZDI: ZDI-22-803 // ZDI: ZDI-22-802 // CNVD: CNVD-2022-89246 // VULMON: CVE-2022-20753 // JVNDB: JVNDB-2022-010071 // CNNVD: CNNVD-202205-2137 // NVD: CVE-2022-20753

CREDITS

Anonymous

Trust: 2.1

sources: ZDI: ZDI-22-756 // ZDI: ZDI-22-803 // ZDI: ZDI-22-802

SOURCES

db: ZDI id: ZDI-22-756
db: ZDI id: ZDI-22-803
db: ZDI id: ZDI-22-802
db: CNVD id: CNVD-2022-89246
db: VULMON id: CVE-2022-20753
db: JVNDB id: JVNDB-2022-010071
db: CNNVD id: CNNVD-202205-2137
db: NVD id: CVE-2022-20753

LAST UPDATE DATE

2024-08-14T14:24:49.823000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-22-756 date: 2022-05-10T00:00:00
db: ZDI id: ZDI-22-803 date: 2022-05-27T00:00:00
db: ZDI id: ZDI-22-802 date: 2022-05-27T00:00:00
db: CNVD id: CNVD-2022-89246 date: 2022-12-22T00:00:00
db: VULMON id: CVE-2022-20753 date: 2023-11-07T00:00:00
db: JVNDB id: JVNDB-2022-010071 date: 2023-08-10T05:39:00
db: CNNVD id: CNNVD-202205-2137 date: 2022-05-12T00:00:00
db: NVD id: CVE-2022-20753 date: 2023-11-07T03:42:50.827

SOURCES RELEASE DATE

db: ZDI id: ZDI-22-756 date: 2022-05-10T00:00:00
db: ZDI id: ZDI-22-803 date: 2022-05-27T00:00:00
db: ZDI id: ZDI-22-802 date: 2022-05-27T00:00:00
db: CNVD id: CNVD-2022-89246 date: 2022-12-22T00:00:00
db: VULMON id: CVE-2022-20753 date: 2022-05-04T00:00:00
db: JVNDB id: JVNDB-2022-010071 date: 2023-08-10T00:00:00
db: CNNVD id: CNNVD-202205-2137 date: 2022-05-04T00:00:00
db: NVD id: CVE-2022-20753 date: 2022-05-04T17:15:08.247