Cisco Fixes Critical Vulnerabilities in RV Series Routers
Cisco has fixed several critical vulnerabilities affecting many of the popular RV series routers.
Bugs can be used to escalate privileges, execute arbitrary code (in many cases without authentication), run commands, bypass authentication, download and run unsigned software, denial of service (DoS). In addition, the company warns that exploits already exist for some of them.In total, the patches fix 15 vulnerabilities, five of which are rated as critical, as attackers can use them to gain root privileges or remotely execute commands on the device.
Three vulnerabilities actually received the maximum 10 points out of 10 possible on the CVSS vulnerability rating scale: CVE-2022-20699, CVE-2022-20700 and CVE-2022-20707. These issues affect the RV160, RV260, RV340, and RV345 series routers.
CVE-2022-20699 is an arbitrary code execution issue in the SSL VPN module. The bug is related to insufficient bounds checking when processing certain HTTP requests. In turn, the vulnerabilities CVE-2022-20700 and CVE-2022-20708 allow privileges to be elevated to the root level and arbitrary commands to be injected. They were found in the web interface of routers, the protection mechanisms of which turned out to be too weak and did not check the data entered by the user.
Other critical vulnerabilities include CVE-2022-20703, a signature verification bypass (CVSS score of 9.3), and CVE-2022-20701 (CVSS score of 9), which allows privilege escalation.
Cisco engineers say that some of the vulnerabilities need to be exploited together:
Let me remind you that we also wrote that Cisco warned about 0-day vulnerabilities in IOS XR, and that Cisco will not fix a critical bug in older routers.