On 3rd August, the network appliances manufacturer giant Cisco published an advisory in which Cisco detailed about three new vulnerabilities in multiple small business RV series router modules. The vulnerabilities are tracked as CVE-2022-20842, CVE-2022-20827, and CVE-2022-20841. They have been rated as two critical, and one is high in severity with a CVSS score of 9.8, 9.0, and 8.3 out of 10. These flaws allow an unauthenticated, remote attacker to perform remote code execution, Denial of Service, Web Filter Database Update Command Injection, and d Play Command Injection attack on the affected versions of the Cisco small business RV series router modules. Since these vulnerabilities allow attackers to carry out a wide range of attacks, It is considered critical and should fix it as soon as possible. Let’s see how to fix CVE-2022-20842, a remote code execution vulnerability in Cisco RV series routers.
Table of Contents
The Other Two Vulnerabilities Published in the Advisory Are:
There are three vulnerabilities Cisco published in its advisory. Two critical and one high in severity.
CVE-2022-20842 (9.8): Denial of Service and Remote Code Execution Vulnerabilities in Cisco RV Series Routers.
CVE-2022-20827 (9.0): Web Filter Database Update Command Injection Vulnerability in Cisco RV Series Routers.
CVE-2022-20841 (8.3): Open Plug and Play Command Injection Vulnerability in Cisco RV Series Routers.
Summary of Cve-2022-20842:
This is a Remote Code Execution vulnerability in Cisco RV series router models RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The advisory says that this vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. This could lead to executing arbitrary code as a root user or even cause the device to reload. The flaw could be exploited by sending crafted HTTP input to the affected device. This RCE flaw allows an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting a DoS on an affected device.
| Associated CVE ID | CVE-2022-20842 |
| Description | A Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers. |
| Associated ZDI ID | – |
| CVSS Score | 9.8 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (a) | High |
Summary of Cve-2022-20827:
This is a Web Filter Database Update Command Injection Vulnerability in Cisco RV series router models RV160, RV260, RV340, and RV345 Series Routers. The advisory says that this vulnerability is due to insufficient input validation in the web filter database of the vulnerable models. This could lead to executing commands as a root user. This Command Injection Vulnerability allows an unauthenticated, remote attacker to perform a command injection and execute commands on an affected device with root privilege.
| Associated CVE ID | CVE-2022-20827 |
| Description | A Web Filter Database Update Command Injection Vulnerability in Cisco Small Business RV Series Routers. |
| Associated ZDI ID | – |
| CVSS Score | 9.0 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (a) | High |
Summary of Cve-2022-20841:
This is an Open Plug and Play Command Injection Vulnerability in Cisco RV series router models RV160, RV260, RV340, and RV345 Series Routers. The advisory says that this vulnerability is due to insufficient validation of user-supplied input. This could lead to executing an arbitrary command. The flaw could be exploited by sending malicious input to an affected device. This Open Plug and Play Command Injection Vulnerability allows an unauthenticated, remote attacker to inject and execute arbitrary commands on an affected device.
| Associated CVE ID | CVE-2022-20841 |
| Description | A Open Plug and Play Command Injection Vulnerability in Cisco Small Business RV Series Routers |
| Associated ZDI ID | – |
| CVSS Score | 8.3 High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (a) | High |
List of Cisco RV Series Router Models Affected by Cve-2022-20842(1) And Cve-2022-20827:
Cisco confirmed the products below are vulnerable to all the three flaws. Please see the version information in the table added in the next section.
How to Fix Cve-2022-20842, a Remote Code Execution Vulnerability in Cisco RV Series Routers?
Cisco has released security patches to fix CVE-2022-20842, CVE-2022-20827, and CVE-2022-20841 vulnerabilities. Please refer to this table to see the vulnerable versions of Cisco RV series routers with recommended fixes. We recommend upgrading to an appropriate fixed software release, as shown in the below table.
Follow these links to see the procedure to upgrade the firmware of RV series routers:
We hope this post will help you know how to fix CVE-2022-20842, a remote code execution vulnerability in Cisco RV series routers. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
Keep Reading:
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/279067.html