{ "file_item": { "filepath": "security-advisories", "filename": "CERT-EU-SA2022-059.pdf" }, "title": "Critical Vulnerabilities in Cisco VPN Routers", "serial_number": "2022-059", "publish_date": "04-08-2022 10:15:00", "description": "On August 3, Cisco released a security advisory and patches regarding several critical vulnerabilities affecting Cisco VPN routers.

It is highly recommended upgrading affected appliances as soon as possible.", "url_title": "2022-059", "content_markdown": "---\ntitle: 'Critical Vulnerabilities in Cisco VPN Routers'\nversion: '1.0'\nnumber: '2022-059'\noriginal_date: 'August 3, 2022'\ndate: 'August 4, 2022'\n---\n\n_History:_\n\n* _04/08/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn August 3, Cisco released a security advisory and patches regarding several critical vulnerabilities affecting Cisco VPN routers [1].\n\nIt is highly recommended upgrading affected appliances as soon as possible.\n\n# Technical Details\n\nThe following vulnerabilities are being addressed by the security advisory:\n\n- **CVE-2022-20842**: Remote Code Execution and Denial of Service Vulnerability\n\nThis vulnerability, with a CVSS score of 9.8 out of 10, exists in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers and may allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface.\n\n- **CVE-2022-20827**: Command Injection Vulnerability\n\nThis vulnerability, with a CVSS score of 9.0 out of 10, exists in the web filter database update feature of Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers and may allow an unauthenticated, remote attacker to perform a command injection and execute commands on the underlying operating system with root privileges. This vulnerability is due to insufficient input validation.\n\n- **CVE-2022-20841**: Command Injection Vulnerability\n\nThis vulnerability, with a CVSS score of 8.3 out of 10, exists in the Open Plug and Play (PnP) module of Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient validation of user-supplied input.\n\n# Affected Products\n\n**CVE-2022-20827 and CVE-2022-20841**:\n\n - RV160 and RV260 Series Routers with version >= 1.0.01.05 and < 1.0.01.09 (1.0.01.09 is the first fixed release)\n - RV340 and RV345 Series Routers with version >= 1.0.03.26 and < 1.0.03.28 (1.0.03.28 is the first fixed release)\n\n**CVE-2022-20842**:\n\n - RV340 and RV345 Series Routers with version 1.0.03.26 and earlier until 1.0.03.27 (1.0.03.28 is the first fixed release)\n\n# Recommendations\n\nCERT-EU strongly recommends upgrading affected products to the last version available.\n\n# References\n\n[1] \n", "content_html": "

History:

Summary

On August 3, Cisco released a security advisory and patches regarding several critical vulnerabilities affecting Cisco VPN routers [1].

It is highly recommended upgrading affected appliances as soon as possible.

Technical Details

The following vulnerabilities are being addressed by the security advisory:

This vulnerability, with a CVSS score of 9.8 out of 10, exists in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers and may allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface.

This vulnerability, with a CVSS score of 9.0 out of 10, exists in the web filter database update feature of Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers and may allow an unauthenticated, remote attacker to perform a command injection and execute commands on the underlying operating system with root privileges. This vulnerability is due to insufficient input validation.

This vulnerability, with a CVSS score of 8.3 out of 10, exists in the Open Plug and Play (PnP) module of Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient validation of user-supplied input.

Affected Products

CVE-2022-20827 and CVE-2022-20841:

- RV160 and RV260 Series Routers with version >= 1.0.01.05 and < 1.0.01.09 (1.0.01.09 is the first fixed release)\n- RV340 and RV345 Series Routers with version >= 1.0.03.26 and < 1.0.03.28 (1.0.03.28 is the first fixed release)\n

CVE-2022-20842:

- RV340 and RV345 Series Routers with version 1.0.03.26 and earlier until 1.0.03.27 (1.0.03.28 is the first fixed release)\n

Recommendations

CERT-EU strongly recommends upgrading affected products to the last version available.

References

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

", "licence": { "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)", "link": "https://creativecommons.org/licenses/by/4.0/", "restrictions": "https://cert.europa.eu/legal-notice", "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies" } }