CVE-2022-20707 — CRITICAL (10.0)

Q: How severe is CVE-2022-20707?

CVE-2022-20707 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-20707?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv340 Firmware, Cisco Rv340, Cisco Rv340W Firmware, Cisco Rv340W, Cisco Rv345 Firmware.

Vulnerability Description

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Rv340 Firmware	<= 1.0.03.24
Cisco	Rv340	-
Cisco	Rv340W Firmware	<= 1.0.03.24
Cisco	Rv340W	-
Cisco	Rv345 Firmware	<= 1.0.03.24
Cisco	Rv345	-
Cisco	Rv345P Firmware	<= 1.0.03.24
Cisco	Rv345P	-

Related Weaknesses (CWE)

CWE-121 CWE-787

References

http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypas
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-409/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-411/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-419/Third Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypas
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-409/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-411/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-419/Third Party AdvisoryVDB Entry

FAQ

What is CVE-2022-20707?

CVE-2022-20707 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arb...

How severe is CVE-2022-20707?

CVE-2022-20707 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-20707?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv340 Firmware, Cisco Rv340, Cisco Rv340W Firmware, Cisco Rv340W, Cisco Rv345 Firmware.