Multiple Vulnerabilities in Cisco Routers

Original Issue Date: February 09, 2022

Severity Rating: HIGH

Component Affected

RV160 VPN Routers

RV160W Wireless-AC VPN Routers

RV260 VPN Routers

RV260P VPN Routers with PoE

RV260W Wireless-AC VPN Routers

RV340 Dual WAN Gigabit VPN Routers

RV340W Dual WAN Gigabit Wireless-AC VPN Routers

RV345 Dual WAN Gigabit VPN Routers

RV345P Dual WAN Gigabit POE VPN Routers

Overview

Multiple vulnerabilities have been reported in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers which could allow an attacker to execute arbitrary code and commands, elevate privileges, bypass authentication and authorization protections, fetch and run unsigned software, and cause a denial of service condition on an affected device.

Description

1. Remote code execution vulnerability (CVE-2022-20699)

This vulnerability exists in the SSL VPN module of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers due to insufficient boundary checks when processing specific HTTP requests. It could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. An attacker could exploit this vulnerability by sending malicious HTTP requests to an affected device that is acting as an SSL VPN Gateway.

Successful exploitation of this vulnerability could allow the attacker to execute code with root privileges on the affected device.

2. Privilege escalation vulnerabilities (CVE-2022-20700, CVE-2022-20701, CVE-2022-20702)

These vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers due to insufficient authorization enforcement mechanisms. They could allow a remote attacker to elevate privileges to root. An attacker could exploit these vulnerabilities by submitting specific commands to an affected device.

Successful exploitation of these vulnerabilities could allow the attacker to elevate privileges to root and execute arbitrary commands on the affected system.

4. Certificate validation vulnerability (CVE-2022-20704)

This vulnerability exists in the software upgrade module of Cisco Small Business RV Series Routers due to improper validation of the SSL server certificate that is received when establishing a connection to specific remote servers. It could allow an unauthenticated, remote attacker to view or alter information that is shared between an affected device and specific Cisco servers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the server, and then using a forged certificate to impersonate the server.

Successful exploitation of this vulnerability could allow the attacker to force the affected device to download arbitrary software images.
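As an added illustration of this weakness class (not code from Cisco or from this advisory), the sketch below contrasts a TLS client context with verification switched off against a properly verifying one, and adds an out-of-band digest check on the downloaded image. The function names and the sample image bytes are constructed for the example.

```python
import hashlib
import hmac
import ssl

# Constructed sample data: stands in for a downloaded image and the digest
# published for it through a separate, trusted channel.
SAMPLE_IMAGE = b"constructed firmware image"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_IMAGE).hexdigest()

def weak_context() -> ssl.SSLContext:
    """The flawed pattern: any certificate, for any hostname, is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def update_client_context() -> ssl.SSLContext:
    """The corrected pattern: chain and hostname are both verified."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the verification gaps found in a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings

def image_matches_digest(image: bytes, expected_sha256_hex: str) -> bool:
    """Second line of defence: reject an image whose digest differs from the
    value obtained out of band, even if the TLS session looked valid."""
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())

if __name__ == "__main__":
    print("weak:", audit_context(weak_context()))
    print("hardened:", audit_context(update_client_context()))
    print("image ok:", image_matches_digest(SAMPLE_IMAGE, SAMPLE_DIGEST))
```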

5. Authentication bypass vulnerability (CVE-2022-20705)

This vulnerability exists in the session management of the web UI of Cisco Small Business RV Series Routers due to the use of weak entropy for session identifier generation functions. It could allow an unauthenticated, remote attacker to defeat authentication protections and access the web UI. An attacker could exploit this vulnerability either by using brute force to determine a current session identifier and then reusing the identifier to take over an ongoing session, or by crafting a new, valid session identifier and bypassing the whole authentication mechanism.

Successful exploitation of this vulnerability could allow the attacker to take actions within the web UI with privileges up to the level of the administrative user.
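The advisory does not describe the affected generator, so the following added example (not Cisco's code) uses a hypothetical weak scheme to show why a long-looking identifier can still carry little entropy, next to a hardened store whose identifiers come from the OS CSPRNG and are valid only if the server issued them. All names and values are constructed.

```python
import hashlib
import math
import secrets
import time

def weak_session_id(username: str, login_time: int) -> str:
    # Hypothetical weak scheme (constructed): the 128-bit hash output looks
    # random, but every input to it is guessable.
    return hashlib.md5(f"{username}:{login_time}".encode()).hexdigest()

def weak_id_entropy_bits(usernames: int, window_seconds: int) -> float:
    # Real uncertainty is log2(number of input combinations), not hash length.
    return math.log2(usernames * window_seconds)

class SessionStore:
    """Hardened form: opaque identifiers, accepted only via server-side lookup."""

    def __init__(self, ttl_seconds: int = 900):
        self._ttl = ttl_seconds
        self._sessions = {}  # sha256(session id) -> (username, expiry)

    @staticmethod
    def _key(session_id: str) -> str:
        # Store a digest so a leaked table does not reveal live identifiers.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def issue(self, username: str, now: float = None) -> str:
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(session_id)] = (username, now + self._ttl)
        return session_id

    def validate(self, session_id: str, now: float = None):
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(session_id))
        if entry is None:
            return None  # well-formed but never issued: rejected
        username, expiry = entry
        if now >= expiry:
            del self._sessions[self._key(session_id)]
            return None
        return username

if __name__ == "__main__":
    print(f"weak scheme: {weak_id_entropy_bits(4, 3600):.1f} bits of entropy")
    store = SessionStore()
    print("issued id validates as:", store.validate(store.issue("admin")))
```

Because `validate` only accepts identifiers present in the server-side table, an identifier that merely has the right format is rejected, which addresses the "crafted identifier" path as well as the guessing path.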

6. Command injection vulnerability (CVE-2022-20706)

This vulnerability exists in the Open Plug and Play (PnP) module of Cisco Small Business RV Series Routers due to insufficient validation of user-supplied input. It could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system. An attacker could exploit this vulnerability by sending malicious input to an affected device.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands on the underlying Linux operating system.

7. Command injection vulnerabilities (CVE-2022-20707, CVE-2022-20708, CVE-2022-20749)

These vulnerabilities exist in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers due to insufficient validation of user-supplied input. They could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system. An attacker could exploit these vulnerabilities by sending malicious input to an affected device.

Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary commands on the underlying Linux operating system.

8. Arbitrary file upload vulnerability (CVE-2022-20709)

This vulnerability exists in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers due to insufficient authorization enforcement mechanisms in the context of file uploads. It could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device.

Successful exploitation of this vulnerability could allow the attacker to upload arbitrary files to the affected device.

9. Denial of service vulnerability (CVE-2022-20710)

This vulnerability exists in the internal interprocess communication of Cisco Small Business RV Series Routers due to erroneously handled exceptions during failed login attempts. It could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the login functionality of the web-based management interface. An attacker could exploit this vulnerability by submitting a crafted HTTP packet to an affected device.

Successful exploitation of this vulnerability could allow the attacker to prevent users from logging in to the affected device.

10. Arbitrary file overwrite vulnerability (CVE-2022-20711)

This vulnerability exists in the web UI of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers due to insufficient input validation for specific components of the web UI. It could allow an unauthenticated, remote attacker to overwrite certain files on an affected device. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device.

Successful exploitation of this vulnerability could allow the attacker to overwrite existing files or exfiltrate confidential data by tampering with the files that are served by the web UI process.

11. Remote code execution vulnerability (CVE-2022-20712)

This vulnerability exists in the upload module of Cisco Small Business RV Series Routers due to insufficient boundary checks when processing specific HTTP requests. It could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. An attacker could exploit this vulnerability by sending malicious HTTP requests to an affected device.

Successful exploitation of this vulnerability could allow the attacker to execute code with non-root privileges on the device.

Solution

Apply appropriate updates as mentioned in:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
