Cisco Fixes Critical Vulnerabilities in RV Series Routers

Cisco has fixed several critical vulnerabilities affecting many of the popular RV series routers.

The bugs can be used to escalate privileges, execute arbitrary code (in many cases without authentication), run commands, bypass authentication, download and run unsigned software, and cause denial of service (DoS). In addition, the company warns that exploits already exist for some of them.

In total, the patches fix 15 vulnerabilities, five of which are rated as critical, as attackers can use them to gain root privileges or remotely execute commands on the device.

Three vulnerabilities actually received the maximum 10 points out of 10 possible on the CVSS vulnerability rating scale: CVE-2022-20699, CVE-2022-20700 and CVE-2022-20707. These issues affect the RV160, RV260, RV340, and RV345 series routers.

CVE-2022-20699 is an arbitrary code execution issue in the SSL VPN module, related to insufficient bounds checking when processing certain HTTP requests. CVE-2022-20700 and CVE-2022-20708, in turn, allow privileges to be elevated to root and arbitrary commands to be injected. They were found in the routers' web interface, whose protection mechanisms turned out to be too weak and did not check the data entered by the user.

Other critical vulnerabilities include CVE-2022-20703, a signature verification bypass (CVSS score of 9.3), and CVE-2022-20701 (CVSS score of 9), which allows privilege escalation.

Cisco engineers say that some of the vulnerabilities need to be exploited together:

“Some vulnerabilities depend on each other. Exploitation of one vulnerability may be required to exploit another.”

It is emphasized that PoC exploits already exist for some of these bugs. For example, the CVE-2022-20699 vulnerability was discovered by the FlashBack team during the Pwn2Own Austin 2021 hacking competition. FlashBack’s Pedro Ribeiro promised that the team would show a PoC exploit for this issue as part of their OffensiveCon 2022 talk. Cisco is not reported.

Let me remind you that we also wrote that Cisco warned about 0-day vulnerabilities in IOS XR, and that Cisco will not fix a critical bug in older routers.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
