ID

VAR-202208-0323


CVE

CVE-2022-20841


TITLE

Input validation vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2022-017111

DESCRIPTION

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. RV160 VPN router firmware, RV160W Wireless-AC VPN router firmware, RV260 VPN Multiple Cisco Systems products, including router firmware, contain vulnerabilities related to input validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

Trust: 1.71

sources: NVD: CVE-2022-20841 // JVNDB: JVNDB-2022-017111 // VULMON: CVE-2022-20841

AFFECTED PRODUCTS

vendor:ciscomodel:rv345scope:ltversion:1.0.03.26

Trust: 1.0

vendor:ciscomodel:rv260wscope:ltversion:1.0.01.05

Trust: 1.0

vendor:ciscomodel:rv340scope:ltversion:1.0.03.26

Trust: 1.0

vendor:ciscomodel:rv340wscope:ltversion:1.0.03.26

Trust: 1.0

vendor:ciscomodel:rv160wscope:ltversion:1.0.01.05

Trust: 1.0

vendor:ciscomodel:rv260scope:ltversion:1.0.01.05

Trust: 1.0

vendor:ciscomodel:rv260pscope:ltversion:1.0.01.05

Trust: 1.0

vendor:ciscomodel:rv345pscope:ltversion:1.0.03.26

Trust: 1.0

vendor:ciscomodel:rv160scope:ltversion:1.0.01.05

Trust: 1.0

vendor:シスコシステムズmodel:rv260w wireless-ac vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv160w wireless-ac vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv160 vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340wscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345pscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260p vpn ルータ with poescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260 vpn ルータscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-017111 // NVD: CVE-2022-20841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20841
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20841
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-20841
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202208-2169
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-20841
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 2.0

NVD: CVE-2022-20841
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-017111 // CNNVD: CNNVD-202208-2169 // NVD: CVE-2022-20841 // NVD: CVE-2022-20841

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-017111 // NVD: CVE-2022-20841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2169

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202208-2169

PATCH

title:cisco-sa-sb-mult-vuln-CbVp4SURurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

Trust: 0.8

title:Cisco Small Business RV Series Routers Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204364

Trust: 0.6

title:Cisco: Cisco Small Business RV Series Routers Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-mult-vuln-CbVp4SUR

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/08/05/cisco_smb_routers_critical_flaws/

Trust: 0.1

sources: VULMON: CVE-2022-20841 // JVNDB: JVNDB-2022-017111 // CNNVD: CNNVD-202208-2169

EXTERNAL IDS

db:NVDid:CVE-2022-20841

Trust: 3.3

db:JVNDBid:JVNDB-2022-017111

Trust: 0.8

db:AUSCERTid:ESB-2022.3837

Trust: 0.6

db:CNNVDid:CNNVD-202208-2169

Trust: 0.6

db:VULMONid:CVE-2022-20841

Trust: 0.1

sources: VULMON: CVE-2022-20841 // JVNDB: JVNDB-2022-017111 // CNNVD: CNNVD-202208-2169 // NVD: CVE-2022-20841

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-mult-vuln-cbvp4sur

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-20841

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.3837

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20841/

Trust: 0.6

url:https://www.theregister.co.uk/2022/08/05/cisco_smb_routers_critical_flaws/

Trust: 0.1

sources: VULMON: CVE-2022-20841 // JVNDB: JVNDB-2022-017111 // CNNVD: CNNVD-202208-2169 // NVD: CVE-2022-20841

SOURCES

db:VULMONid:CVE-2022-20841
db:JVNDBid:JVNDB-2022-017111
db:CNNVDid:CNNVD-202208-2169
db:NVDid:CVE-2022-20841

LAST UPDATE DATE

2024-08-14T14:10:40.986000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-017111date:2023-10-11T05:30:00
db:CNNVDid:CNNVD-202208-2169date:2022-08-16T00:00:00
db:NVDid:CVE-2022-20841date:2023-11-07T03:43:06.027

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-017111date:2023-10-11T00:00:00
db:CNNVDid:CNNVD-202208-2169date:2022-08-04T00:00:00
db:NVDid:CVE-2022-20841date:2022-08-10T08:15:07.317