Cisco Small Business RV Series Routers Multiple Vulnerabilities (cisco-sa-smb-mult-vuln-KA9PK6D)

critical Nessus Plugin ID 157361

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple vulnerabilities:

- A vulnerability in the SSL VPN module of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. (CVE-2022-20699)

- Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV Series Routers could allow a remote attacker to elevate privileges to root. (CVE-2022-20700, CVE-2022-20701, CVE-2022-20702)

- A vulnerability in the software image verification feature of Cisco Small Business RV Series Routers could allow an unauthenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. (CVE-2022-20703)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvz88279, CSCvz94704, CSCwa12732, CSCwa12748, CSCwa12836, CSCwa13115, CSCwa13119, CSCwa13205, CSCwa13682, CSCwa13836, CSCwa13882, CSCwa13888, CSCwa13900, CSCwa14007, CSCwa14008, CSCwa14564, CSCwa14565, CSCwa14601, CSCwa14602, CSCwa15167, CSCwa15168, CSCwa18769, CSCwa18770, CSCwa32432, CSCwa36774, CSCwa54598

Plugin Details

Severity: Critical

ID: 157361

File Name: cisco-sa-smb-mult-vuln-KA9PK6D.nasl

Version: 1.17

Type: remote

Family: CISCO

Published: 2/3/2022

Updated: 4/25/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-20749

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:cisco:rv345, cpe:/h:cisco:rv345p, cpe:/h:cisco:rv340w, x-cpe:/o:cisco:small_business_rv_series_router_firmware, cpe:/h:cisco:rv160w, cpe:/h:cisco:rv340, cpe:/h:cisco:rv160, cpe:/h:cisco:rv260w, cpe:/h:cisco:rv260p, cpe:/h:cisco:rv260

Required KB Items: Cisco/Small_Business_Router/Version, Cisco/Small_Business_Router/Model

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/28/2022

Vulnerability Publication Date: 2/2/2022

CISA Known Exploited Vulnerability Due Dates: 3/17/2022

Exploitable With

Metasploit (Cisco RV340 SSL VPN Unauthenticated Remote Code Execution)

Reference Information

CVE: CVE-2022-20699, CVE-2022-20700, CVE-2022-20701, CVE-2022-20702, CVE-2022-20703, CVE-2022-20704, CVE-2022-20705, CVE-2022-20706, CVE-2022-20707, CVE-2022-20708, CVE-2022-20709, CVE-2022-20710, CVE-2022-20711, CVE-2022-20712, CVE-2022-20749

CWE: 121, 269, 285, 295, 347, 362, 434, 552, 754, 77, 785

CISCO-SA: cisco-sa-smb-mult-vuln-KA9PK6D

IAVA: 2022-A-0058

CISCO-BUG-ID: CSCvz88279, CSCvz94704, CSCwa12732, CSCwa12748, CSCwa12836, CSCwa13115, CSCwa13119, CSCwa13205, CSCwa13682, CSCwa13836, CSCwa13882, CSCwa13888, CSCwa13900, CSCwa14007, CSCwa14008, CSCwa14564, CSCwa14565, CSCwa14601, CSCwa14602, CSCwa15167, CSCwa15168, CSCwa18769, CSCwa18770, CSCwa32432, CSCwa36774, CSCwa54598

Detections

Analytics