Details of VAR-202208-0322

ID

VAR-202208-0322

CVE

CVE-2022-20842

TITLE

plural Cisco Small Business Input validation vulnerability in router products

Trust: 0.8

sources: JVNDB: JVNDB-2022-016746

DESCRIPTION

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business Router products contain an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

Trust: 1.71

sources: NVD: CVE-2022-20842 // JVNDB: JVNDB-2022-016746 // VULMON: CVE-2022-20842

AFFECTED PRODUCTS

vendor:	cisco	model:	rv345p	scope:	lt	version:	1.0.03.28	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	lt	version:	1.0.03.28	Trust: 1.0
vendor:	cisco	model:	rv340w	scope:	lt	version:	1.0.03.28	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	lt	version:	1.0.03.28	Trust: 1.0
vendor:	シスコシステムズ	model:	rv345p	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv340	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv340w	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv345	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-016746 // NVD: CVE-2022-20842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20842
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20842
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-20842
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202208-2171
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-20842
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20842
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20842
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016746 // CNNVD: CNNVD-202208-2171 // NVD: CVE-2022-20842 // NVD: CVE-2022-20842

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-016746 // NVD: CVE-2022-20842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2171

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202208-2171

PATCH

title:	cisco-sa-sb-mult-vuln-CbVp4SUR	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR	Trust: 0.8
title:	Cisco Small Business RV Series Routers Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204186	Trust: 0.6
title:	Cisco: Cisco Small Business RV Series Routers Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-mult-vuln-CbVp4SUR	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2022/08/05/cisco_smb_routers_critical_flaws/	Trust: 0.1

sources: VULMON: CVE-2022-20842 // JVNDB: JVNDB-2022-016746 // CNNVD: CNNVD-202208-2171

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20842	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-016746	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.3837	Trust: 0.6
db:	CNNVD	id:	CNNVD-202208-2171	Trust: 0.6
db:	VULMON	id:	CVE-2022-20842	Trust: 0.1

sources: VULMON: CVE-2022-20842 // JVNDB: JVNDB-2022-016746 // CNNVD: CNNVD-202208-2171 // NVD: CVE-2022-20842

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-mult-vuln-cbvp4sur	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20842	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.3837	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20842/	Trust: 0.6
url:	https://www.theregister.co.uk/2022/08/05/cisco_smb_routers_critical_flaws/	Trust: 0.1

sources: VULMON: CVE-2022-20842 // JVNDB: JVNDB-2022-016746 // CNNVD: CNNVD-202208-2171 // NVD: CVE-2022-20842

SOURCES

db:	VULMON	id:	CVE-2022-20842
db:	JVNDB	id:	JVNDB-2022-016746
db:	CNNVD	id:	CNNVD-202208-2171
db:	NVD	id:	CVE-2022-20842

LAST UPDATE DATE

2024-08-14T14:10:41.039000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-016746	date:	2023-10-06T05:17:00
db:	CNNVD	id:	CNNVD-202208-2171	date:	2022-08-15T00:00:00
db:	NVD	id:	CVE-2022-20842	date:	2023-11-07T03:43:06.253

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-016746	date:	2023-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202208-2171	date:	2022-08-04T00:00:00
db:	NVD	id:	CVE-2022-20842	date:	2022-08-10T09:15:08.590