Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)

Cisco has released a security advisory addressing multiple vulnerabilities affecting Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842) are rated high and critical in severity, with CVSS base scores between 8.3 and 9.8.

These vulnerabilities could allow unauthenticated, remote attackers to execute arbitrary code and trigger denial of service (DoS) conditions on vulnerable devices. CVE-2022-20842 and CVE-2022-20827 exist in the web-based management interface and the web filter database update feature, respectively, while CVE-2022-20841 exists in the Open Plug and Play (PnP) module.

Security researchers from the IoT Inspector Research Lab, the Chaitin Security Research Lab, and the CLP team discovered these vulnerabilities. According to Cisco’s Product Security Incident Response Team (PSIRT), there are currently no publicly available exploits and no known exploitation in the wild.

The vulnerabilities are independent of each other. It is not necessary to exploit one vulnerability to exploit another. A software release that is impacted by one of the vulnerabilities might not be impacted by the others.
 
CVE-2022-20827: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability 
An unauthenticated, remote attacker might exploit the command injection flaw in the web filter database update feature of Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers to execute instructions on the underlying operating system with root privileges.

This flaw results from inadequate input validation. An attacker could exploit it by submitting crafted input to the web filter database update feature. On successful exploitation, the attacker might be able to run commands on the underlying operating system with root privileges.

CVE-2022-20841: Cisco Small Business RV Series Routers Open Plug and Play Command Injection Vulnerability 
A vulnerability in the Open Plug and Play (PnP) module of Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers can allow an unauthenticated, remote attacker to inject and run arbitrary commands on the underlying operating system.

Insufficient user input validation is the cause of this vulnerability. On successful exploitation, the attacker can run any command on the Linux operating system. An attacker needs to be in a man-in-the-middle position or already have control over a particular network device that is linked to the vulnerable router to exploit this vulnerability.

CVE-2022-20842: Cisco Small Business RV Series Routers Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the web-based management interface of the Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers might allow an unauthenticated, remote attacker to run arbitrary code or force an affected device to restart unexpectedly, leading to a denial of service (DoS) condition.

This vulnerability is caused by inadequate validation of user-supplied input to the web-based management interface. An attacker could exploit it by submitting specially crafted HTTP input to a vulnerable device. On successful exploitation, the attacker can reload the device, resulting in a DoS condition, or execute arbitrary code as the root user on the underlying operating system.

Affected products 
CVE-2022-20827 and CVE-2022-20841 affect the following Cisco products: 

  • RV160 VPN Routers 
  • RV260 VPN Routers 
  • RV260P VPN Routers with PoE 
  • RV160W Wireless-AC VPN Routers 
  • RV260W Wireless-AC VPN Routers 
  • RV340 Dual WAN Gigabit VPN Routers 
  • RV345 Dual WAN Gigabit VPN Routers 
  • RV345P Dual WAN Gigabit POE VPN Routers 
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers

CVE-2022-20842 affects the following Cisco products: 

  • RV340 Dual WAN Gigabit VPN Routers 
  • RV345 Dual WAN Gigabit VPN Routers 
  • RV345P Dual WAN Gigabit POE VPN Routers 
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers

Affected versions  
CVE-2022-20827 and CVE-2022-20841 affect the following versions: 

  • RV160 and RV260 Series Router version 1.0.01.05 
  • RV340 and RV345 Series Router version 1.0.03.26

CVE-2022-20842 affects the following versions: 

  • RV340 and RV345 Series Router versions 1.0.03.26 and earlier
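The version lists above can be applied to an asset inventory. The following is an added example, not code from Cisco or Qualys: the model names, versions and CVE IDs are taken from this page, while the inventory rows and function names are constructed for illustration.

```python
# Added example: model names, versions and CVE ids come from the page;
# the inventory rows and function names are constructed for illustration.
A, B = "RV160/260", "RV340/345"  # firmware series as grouped under "Affected versions"
SERIES = {
    "RV160": A, "RV160W": A, "RV260": A, "RV260P": A, "RV260W": A,
    "RV340": B, "RV340W": B, "RV345": B, "RV345P": B,
}

# (CVE, series, listed version, match mode) exactly as listed on the page.
RULES = [
    ("CVE-2022-20827", A, "1.0.01.05", "exact"),
    ("CVE-2022-20827", B, "1.0.03.26", "exact"),
    ("CVE-2022-20841", A, "1.0.01.05", "exact"),
    ("CVE-2022-20841", B, "1.0.03.26", "exact"),
    ("CVE-2022-20842", B, "1.0.03.26", "or_earlier"),
]

def parse_version(text):
    """Turn '1.0.03.26' into (1, 0, 3, 26) so zero-padded fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unexpected firmware version format: {text!r}")
    return tuple(int(p) for p in parts)

def affected_cves(model, firmware):
    """Return the sorted CVE ids this page lists for the model and firmware version."""
    series = SERIES.get(model.strip().upper())
    if series is None:
        return []  # model is not named on the page
    have = parse_version(firmware)
    hits = set()
    for cve, rule_series, rule_version, mode in RULES:
        listed = parse_version(rule_version)
        if rule_series == series and (
            have == listed or (mode == "or_earlier" and have < listed)
        ):
            hits.add(cve)
    return sorted(hits)

# Constructed inventory rows: (hostname, model, firmware version).
INVENTORY = [
    ("branch-gw-1", "RV345P", "1.0.03.26"),
    ("branch-gw-2", "rv340", "1.0.03.24"),
    ("lab-gw-1", "RV160W", "1.0.01.05"),
]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        print(host, model, fw, affected_cves(model, fw) or "not listed on this page")
```

An empty result means only that the version is not listed on this page; the Cisco advisory remains the source for which releases are fixed.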

Mitigation  
Customers can refer to the official Cisco Security Advisory (cisco-sa-sb-mult-vuln-CbVp4SUR) for more information about patching the vulnerabilities.
 
Qualys Detection 
Qualys customers can scan their devices with QIDs 730586 and 730587 to detect vulnerable assets.
 
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities. 
  
References 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR
https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-remote-code-execution-bug-in-vpn-routers/
