Security News > 2022 > February > Critical Flaws Discovered in Cisco Small Business RV Series Routers

Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept exploit code targeting some of these bugs.

Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers.

The flaws could be exploited to bypass authentication and authorization protections, retrieve and run unsigned software, and even cause denial-of-service conditions.

The networking equipment maker acknowledged that it's "Aware that proof-of-concept exploit code is available for several of the vulnerabilities" but didn't share any further specifics on the nature of the exploit or the identity of the threat actors that may be exploiting them.

CVE-2022-20699 concerns a case of remote code execution that could be exploited by an attacker by sending specially crafted HTTP requests to a device that functions as an SSL VPN Gateway, effectively leading to the execution of malicious code with root privileges.

CVE-2022-20700, CVE-2022-20701, and CVE-2022-20702, which the company said stems from an insufficient authorization enforcement mechanism, could be abused to elevate privileges to root and execute arbitrary commands on the affected system.

News URL

https://thehackernews.com/2022/02/critical-flaws-discovered-in-cisco.html