Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs.
Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers.
Additionally, the flaws could be exploited to bypass authentication and authorization protections, retrieve and run unsigned software, and even cause denial-of-service (DoS) conditions.
The networking equipment maker acknowledged that it's "aware that proof-of-concept exploit code is available for several of the vulnerabilities" but didn't share any further specifics on the nature of the exploit or the identity of the threat actors that may be exploiting them.
CVE-2022-20699 concerns a case of remote code execution that could be exploited by an attacker by sending specially crafted HTTP requests to a device that functions as an SSL VPN Gateway, effectively leading to the execution of malicious code with root privileges.
CVE-2022-20700, CVE-2022-20701 (CVSS score: 9.0), and CVE-2022-20702 (CVSS score: 6.0), which the company said stems from an insufficient authorization enforcement mechanism, could be abused to elevate privileges to root and execute arbitrary commands on the affected system.
CVE-2022-20708, the third flaw to receive a 10.0 score on the CVSS scale, is due to insufficient validation of user-supplied input, enabling the adversary to inject malicious commands and get them on the underlying Linux operating system.
Other flaws fixed by Cisco are as follows:
- CVE-2022-20703 (CVSS score: 9.3) – Cisco Small Business RV Series Routers Digital Signature Verification Bypass Vulnerability
- CVE-2022-20704 (CVSS score: 4.8) – Cisco Small Business RV Series Routers SSL Certificate Validation Vulnerability
- CVE-2022-20705 (CVSS score: 5.3) – Cisco Small Business RV Series Routers Improper Session Management Vulnerability
- CVE-2022-20706 (CVSS score: 8.3) – Cisco RV Series Routers Open Plug and Play Command Injection Vulnerability
- CVE-2022-20707 and CVE-2022-20749 (CVSS scores: 7.3) – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Command Injection Vulnerabilities
- CVE-2022-20709 (CVSS score: 5.3) – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability
- CVE-2022-20710 (CVSS score: 5.3) – Cisco Small Business RV Series Routers GUI Denial of Service Vulnerability
- CVE-2022-20711 (CVSS score: 8.2) – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Overwrite Vulnerability
- CVE-2022-20712 (CVSS score: 7.3) – Cisco Small Business RV Series Routers Upload Module Remote Code Execution Vulnerability
Cisco also stressed that there are no workarounds that address these aforementioned weaknesses, urging customers to update to the latest version of the software as soon as possible to counter any potential attacks.