CVE-2022-20703
Cisco Small Business RV Series Routers Vulnerabilities
Vexday Risk Score
58Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 10EPSS 8.6%KEV simPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
10 Feb 2022Published on NVD
03 Mar 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Multiple critical flaws in Cisco Small Business RV routers allow attackers to execute malicious code, bypass security controls, and take complete control of the device. This poses an immediate and severe threat to any network using these routers.
Technical detail
Stack-based buffer overflow and improper input validation in Cisco RV160, RV260, RV340, and RV345 routers enable remote or local attackers to execute arbitrary code with elevated privileges, bypass authentication, and load unsigned firmware. The vulnerabilities require minimal or no authentication in some cases, resulting in complete device compromise and potential network-wide impact.
Summary generated and translated by AI from the official description.
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Cisco · Cisco Small Business RV Series Router FirmwareWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6Dhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20703https://www.zerodayinitiative.com/advisories/ZDI-22-408/https://www.zerodayinitiative.com/advisories/ZDI-22-413/