ID

VAR-202206-1301


CVE

CVE-2022-20825


TITLE

plural  Cisco Small Business  Out-of-bounds write vulnerability in router products

Trust: 0.8

sources: JVNDB: JVNDB-2022-011650

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability. plural Cisco Small Business Router products contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco) in the United States

Trust: 2.25

sources: NVD: CVE-2022-20825 // JVNDB: JVNDB-2022-011650 // CNVD: CNVD-2022-55682 // VULMON: CVE-2022-20825

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-55682

AFFECTED PRODUCTS

vendor:ciscomodel:rv215wscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv130scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv110wscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv130wscope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:cisco rv130w wireless-n multifunction vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv215w wireless-n vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv130 vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv110w wireless-n vpn firewallscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv110wscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv130wscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv215wscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv130scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-55682 // JVNDB: JVNDB-2022-011650 // NVD: CVE-2022-20825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20825
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20825
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20825
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-55682
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202206-1532
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-20825
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20825
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-55682
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-20825
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-20825
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-55682 // VULMON: CVE-2022-20825 // JVNDB: JVNDB-2022-011650 // CNNVD: CNNVD-202206-1532 // NVD: CVE-2022-20825 // NVD: CVE-2022-20825

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-011650 // NVD: CVE-2022-20825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1532

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202206-1532

PATCH

title:cisco-sa-sb-rv-overflow-s2r82P9vurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v

Trust: 0.8

title:Patch for Denial of Service Vulnerabilities in Multiple Cisco Small Business Productsurl:https://www.cnvd.org.cn/patchInfo/show/340056

Trust: 0.6

title:Cisco Small Business Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=247274

Trust: 0.6

title:Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-rv-overflow-s2r82P9v

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2022-55682 // VULMON: CVE-2022-20825 // JVNDB: JVNDB-2022-011650 // CNNVD: CNNVD-202206-1532

EXTERNAL IDS

db:NVDid:CVE-2022-20825

Trust: 3.9

db:JVNDBid:JVNDB-2022-011650

Trust: 0.8

db:CNVDid:CNVD-2022-55682

Trust: 0.6

db:AUSCERTid:ESB-2022.2966

Trust: 0.6

db:CNNVDid:CNNVD-202206-1532

Trust: 0.6

db:VULMONid:CVE-2022-20825

Trust: 0.1

sources: CNVD: CNVD-2022-55682 // VULMON: CVE-2022-20825 // JVNDB: JVNDB-2022-011650 // CNNVD: CNNVD-202206-1532 // NVD: CVE-2022-20825

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv-overflow-s2r82p9v

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-20825

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20825/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2966

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2022-55682 // VULMON: CVE-2022-20825 // JVNDB: JVNDB-2022-011650 // CNNVD: CNNVD-202206-1532 // NVD: CVE-2022-20825

SOURCES

db:CNVDid:CNVD-2022-55682
db:VULMONid:CVE-2022-20825
db:JVNDBid:JVNDB-2022-011650
db:CNNVDid:CNNVD-202206-1532
db:NVDid:CVE-2022-20825

LAST UPDATE DATE

2024-08-14T14:24:46.138000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-55682date:2022-08-08T00:00:00
db:VULMONid:CVE-2022-20825date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-011650date:2023-08-23T07:09:00
db:CNNVDid:CNNVD-202206-1532date:2023-07-25T00:00:00
db:NVDid:CVE-2022-20825date:2023-11-07T03:43:03.907

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-55682date:2022-08-08T00:00:00
db:VULMONid:CVE-2022-20825date:2022-06-15T00:00:00
db:JVNDBid:JVNDB-2022-011650date:2023-08-23T00:00:00
db:CNNVDid:CNNVD-202206-1532date:2022-06-15T00:00:00
db:NVDid:CVE-2022-20825date:2022-06-15T18:15:09.173