Cisco Small Business RV Series Routers Multiple Vulnerabilities (cisco-sa-smb-mult-vuln-KA9PK6D)

critical Nessus Plugin ID 157361

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple vulnerabilities:

- A vulnerability in the SSL VPN module of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. (CVE-2022-20699)

- Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV Series Routers could allow a remote attacker to elevate privileges to root. (CVE-2022-20700, CVE-2022-20701, CVE-2022-20702)

- A vulnerability in the software image verification feature of Cisco Small Business RV Series Routers could allow an unauthenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. (CVE-2022-20703)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvz88279, CSCvz94704, CSCwa12732, CSCwa12748, CSCwa12836, CSCwa13115, CSCwa13119, CSCwa13205, CSCwa13682, CSCwa13836, CSCwa13882, CSCwa13888, CSCwa13900, CSCwa14007, CSCwa14008, CSCwa14564, CSCwa14565, CSCwa14601, CSCwa14602, CSCwa15167, CSCwa15168, CSCwa18769, CSCwa18770, CSCwa32432, CSCwa36774, CSCwa54598

See Also

http://www.nessus.org/u?d880707f

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz88279

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz94704

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa12732

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa12748

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa12836

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa13115

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa13119

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa13205

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa13682

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa13836

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa13882

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa13888

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa13900

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa14007

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa14008

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa14564

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa14565

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa14601

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa14602

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa15167

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa15168

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa18769

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa18770

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa32432

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa36774

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa54598

Plugin Details

Severity: Critical

ID: 157361

File Name: cisco-sa-smb-mult-vuln-KA9PK6D.nasl

Version: 1.14

Type: remote

Family: CISCO

Published: 2/3/2022

Updated: 5/12/2022

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2022-20749

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/o:cisco:small_business_rv_series_router_firmware, cpe:/h:cisco:rv340, cpe:/h:cisco:rv340w, cpe:/h:cisco:rv345, cpe:/h:cisco:rv345p, cpe:/h:cisco:rv160, cpe:/h:cisco:rv160w, cpe:/h:cisco:rv260, cpe:/h:cisco:rv260p, cpe:/h:cisco:rv260w

Required KB Items: Cisco/Small_Business_Router/Version, Cisco/Small_Business_Router/Model

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/28/2022

Vulnerability Publication Date: 2/2/2022

CISA Known Exploited Dates: 3/17/2022

Exploitable With

Metasploit (Cisco RV340 SSL VPN Unauthenticated Remote Code Execution)

Reference Information

CVE: CVE-2022-20699, CVE-2022-20700, CVE-2022-20701, CVE-2022-20702, CVE-2022-20703, CVE-2022-20704, CVE-2022-20705, CVE-2022-20706, CVE-2022-20707, CVE-2022-20708, CVE-2022-20709, CVE-2022-20710, CVE-2022-20711, CVE-2022-20712, CVE-2022-20749