CVE-2022-20705 Small Business RV160, RV260, RV340, and RV345 routers could be exploited by an attacker to execute arbitrary code, elevate privileges, or bypass authentication and authorization.

Cisco Small Business RV Series Routers running Cisco IOS Software could allow an attacker to exploit multiple vulnerabilities to execute arbitrary code, elevate privileges, bypass authentication and authorization, and cause a denial of service (DoS) to the device. Cisco has released software updates that address these vulnerabilities. There are no workarounds. However, you can mitigate these vulnerabilities by configuring basic security best practices, such as anti-virus, firewall, and intrusion detection/prevention measures. Details - Cisco Small Business RV Series Routers running Cisco IOS Software could allow an attacker to exploit multiple vulnerabilities to execute arbitrary code, elevate privileges, bypass authentication and authorization, and cause a denial of service (DoS) to the device. Cisco has released software updates that address these vulnerabilities. There are no workarounds. However, you can mitigate these vulnerabilities by configuring basic security best practices, such as anti-virus, firewall, and intrusion detection/prevention measures. - Multiple Cisco Small Business RV Series Routers running Cisco IOS Software could be exploited due to multiple vulnerabilities. Cisco has released software updates that address these vulnerabilities. There are no workarounds. However, you can mitigate these vulnerabilities by configuring basic security best practices, such as anti-virus, firewall, and intrusion detection/prevention measures

Summary

Cisco Small Business RV Series Routers running Cisco IOS Software could allow an attacker to exploit multiple vulnerabilities to execute arbitrary code, elevate privileges, bypass authentication and authorization, and cause a denial of service (DoS) to the device. Cisco has released software updates that address these vulnerabilities. There are no workarounds. However, you can mitigate these vulnerabilities by configuring basic security best practices, such as anti-virus, firewall, and intrusion detection/prevention measures
The following products have been released by Cisco to address CVE-2022-20705:
IOS ---------------
CSCvc23686 - This vulnerability is fixed in IOS Software Releases 12.4(33)S2 and 15.0M3a
IOS XE ---------------
CSCve87479 - This vulnerability is fixed in IOS Software Releases 16.1SE7a, 16.2SE7cDRE1a, 16.2SR5b

Multiple Cisco Small Business RV Series Routers running Cisco IOS Software could be exploited due to multiple vulnerabilities. Cisco has released software updates that address these vulnerabilities. There are no workarounds. However, you can mitigate these vulnerabilities by configuring basic security best practices, such as anti-virus, firewall, and intrusion detection/prevention measures

Timeline

Published on: 02/10/2022 18:15:00 UTC
Last modified on: 03/29/2022 16:07:00 UTC

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
• https://www.zerodayinitiative.com/advisories/ZDI-22-410/
• https://www.zerodayinitiative.com/advisories/ZDI-22-409/
• https://www.zerodayinitiative.com/advisories/ZDI-22-415/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20705