Trio of RCE CVSS 10 vulnerabilities among 15 CVEs in Cisco small business routers
Cisco has announced 15 vulnerabilities affecting its small business RV160, RV260, RV340, and RV345 series routers, including three perfect 10s on the CVSS scoring scale and a pair above nine.
The first 10, dubbed CVE-2022-20699, impacts RV340, RV340W, RV345, and RV345P routers, and gains its score from allowing remote code to be run as root.
“This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending malicious HTTP requests to the affected device that is acting as an SSL VPN gateway,” Cisco said.
The second perfect score is from CVE-2022-20708, which is due to issues in the web management interface of the routers that allow remote arbitrary command execution. Two related vulnerabilities, CVE-2022-20707 and CVE-2022-20749, were given CVSS 7.3 scores.
“These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system,” the company said.
“Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.”
Another vulnerability in the management interface across the entire RV series, CVE-2022-20700, was rated at 10, along with another at nine and a third at six, as they allowed privilege escalation to root level and subsequent command execution. Cisco said this trio of bugs was due to “insufficient authorization enforcement mechanisms”.
The other vulnerability rated above nine, CVE-2022-20703 at 9.3, hit the entire RV range and was due to the routers not verifying software images installed by a local attacker.
“An attacker could exploit this vulnerability by loading unsigned software on the device. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the device,” Cisco said.
Cisco said there are no workarounds for any of the issues, and the solution was to update the software used on its small business routers.