THREAT LEVEL - CRITICAL

04/08/22

Multiple Vulnerabilities in Cisco Small Business RV Series Routers

Threat Level Description

Threat Level: Critical – An attack is expected imminently. Maximum protective security measures are required to meet specific threats and to minimize vulnerability and risk. Critical may also be used if a terrorist attack is expected that seeks to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence.

 

Description

Multiple vulnerabilities have been identified in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers.

An attacker who exploits these vulnerabilities could execute arbitrary code and/or cause a denial of service (DoS) condition on the affected devices.

CVE-2022-20827 (CVSS score: 9.0) is due to insufficient input validation in the web filter database update feature and could allow an unauthenticated, remote attacker to execute commands on the underlying operating system with root privileges.

CVE-2022-20841 (CVSS score: 8.0) is a command injection vulnerability in the Open Plug and Play (PnP) feature and could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the Linux operating system by sending malicious input to an affected device. However, to exploit this vulnerability, an attacker must leverage a man-in-the-middle position or have an established foothold on a specific network device that is connected to the affected router.

Finally, CVE-2022-20842 (CVSS score: 9.8) is a bug in the web-based management interface of the dual-WAN gigabit VPN routers and affects devices in the RV340 and RV345 range only. It is due to insufficient validation of user-supplied input to the web-based management interface. An unauthenticated, remote attacker who exploits this issue could execute arbitrary code and/or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

 

CVE(s)

N/A

 

Affected Systems

  • CVE-2022-20827 and CVE-2022-20841 affect the following Cisco products:
      • RV160 VPN Routers
      • RV160W Wireless-AC VPN Routers
      • RV260 VPN Routers
      • RV260P VPN Routers with PoE
      • RV260W Wireless-AC VPN Routers
      • RV340 Dual WAN Gigabit VPN Routers
      • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
      • RV345 Dual WAN Gigabit VPN Routers
      • RV345P Dual WAN Gigabit POE VPN Routers
  • CVE-2022-20842 affects the following Cisco products:
      • RV340 Dual WAN Gigabit VPN Routers
      • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
      • RV345 Dual WAN Gigabit VPN Routers
      • RV345P Dual WAN Gigabit POE VPN Routers

 

Recommendation(s)

You should immediately implement the relevant mitigations and updates provided by the vendor.

Note that there are no workarounds that address these vulnerabilities.

You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution, to keep security event logging enabled at all times, and to practice event monitoring. Protecting the valuable assets of your business and complying with the relevant industry regulations requires a comprehensive approach to the management of risk, including penetration testing at least annually and upon significant changes.

 

References

https://www.itnews.com.au/news/cisco-small-business-routers-need-urgent-patch-583592

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

https://securityaffairs.co/wordpress/133984/security/cisco-small-business-vpn-routers-flaws.html

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-remote-code-execution-bug-in-vpn-routers/
