Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Cisco Patches Critical Vulnerabilities in Small Business RV Routers

Cisco this week announced patches for multiple vulnerabilities in its Small Business RV160, RV260, RV340, and RV345 series routers, including critical bugs that could lead to the execution of arbitrary code with root privileges.

Cisco this week announced patches for multiple vulnerabilities in its Small Business RV160, RV260, RV340, and RV345 series routers, including critical bugs that could lead to the execution of arbitrary code with root privileges.

The most severe of these issues is CVE-2022-20699 (CVSS score of 10.0), as it allows an unauthenticated, remote attacker to execute arbitrary code on a vulnerable device. The bug exists because there aren’t sufficient boundary checks performed during the processing of specific HTTP requests.

“An attacker could exploit this vulnerability by sending malicious HTTP requests to the affected device that is acting as an SSL VPN Gateway. A successful exploit could allow the attacker to execute code with root privileges on the affected device,” Cisco explains in its advisory.

Cisco also released patches for three flaws in the web-based management interface of the Small Business RV routers, which could allow an attacker to escalate privileges to root and execute arbitrary commands on the device.

The three issues are tracked as CVE-2022-20700 (CVSS score of 10), CVE-2022-20701 (CVSS score of 9.0), and CVE-2022-20702 (CVSS score of 6.0). Because of insufficient authorization enforcement mechanisms, the flaws can be triggered by submitting specific commands to an affected device.

Another critical flaw was found in the software image verification feature of Cisco’s small business routers. Tracked as CVE-2022-20703 (CVSS score of 9.3), the bug could allow a local attacker “to install and boot a malicious software image or execute unsigned binaries on an affected device,” without authentication.

[READ: Cisco Says Critical Flaw in Older SMB Routers Will Remain Unpatched]

CVE-2022-20708 (CVSS score of 10.0) is another critical vulnerability that Cisco released patches for this week. Affecting the web-based management interface, the security error could be exploited to inject and execute commands on the device remotely, without authentication.

Advertisement. Scroll to continue reading.

Two other similar issues were also addressed, though they have a severity rating of “high” (CVE-2022-20707 and CVE-2022-20749, CVSS score of 7.3).

“These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system,” Cisco explains.

Cisco’s advisory describes various other high- and medium-severity vulnerabilities in the RV series routers. The flaws can be exploited to inject and execute arbitrary commands, obtain partial administrative privileges, view or alter information shared with other devices, overwrite certain files, upload arbitrary files, cause a denial of service (DoS) condition, or execute arbitrary code.

Cisco has released software updates to address these vulnerabilities in RV340 and RV345 routers and encourages users to install them, as there are no workarounds to mitigate the bugs. Updates for RV160 and RV260 routers are expected to be released this month.

The company also warns of the public existence of proof-of-concept (PoC) exploit code targeting some of these vulnerabilities.

Related: Cisco Patches Critical Vulnerability in Contact Center Products

Related: Cisco Plugs Critical Holes in Catalyst PON Enterprise Switches

Related: Cisco Patches High-Severity Vulnerabilities in Security Appliances, Business Switches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

Anand Ramanathan has been appointed as Chief Product Officer at Deepwatch.

Managed security platform provider Deepwatch has appointed Sammie Walker as CMO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.