October 6, 2022

TheCyberThrone

Thinking Security ! Always

Cisco fixes vulnerabilities in VPN routers

Cisco has released advisories on several vulnerabilities in the Cisco Small Business RV series routers, covering the RV160, RV260, RV340, and RV345.

The vulnerabilities depend on one another: exploitation of one may be required to exploit another.

CVE-2022-20842 is a vulnerability in the web-based management interface of the Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. Exploitation could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a DoS condition.

CVE-2022-20827 is a vulnerability in the web filter database update feature of Cisco Small Business RV160, RV260, RV340, and RV345 series routers. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to perform a command injection and execute commands on the underlying operating system with root privileges.

CVE-2022-20841 is a vulnerability in the Open Plug and Play (PnP) module of Cisco Small Business RV160, RV260, RV340, and RV345 series routers. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system.

There are no workarounds that address these vulnerabilities, but Cisco has released updates. Cisco states it is not aware of any public announcements or malicious use of the vulnerabilities.
