CVE-2022-20827

Published on: Not Yet Published

Last Modified on: 08/12/2022 06:07:00 PM UTC

CVE-2022-20827 - advisory for cisco-sa-sb-mult-vuln-CbVp4SUR

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Certain versions of Rv160 from Cisco contain the following vulnerability:

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-20827 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
Affected Vendor/Software: Cisco - Cisco Small Business RV Series Router Firmware version n/a

CVSS3 Score: 10 - CRITICAL

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
CHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
No Description Provided	tools.cisco.com text/html	CISCO 20220803 Cisco Small Business RV Series Routers Vulnerabilities

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

730586 Cisco Small Business RV (160|260|340|345) Series Routers Vulnerabilities (cisco-sa-sb-mult-vuln-CbVp4SUR)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Rv160	-	All	All	All
Hardware	Cisco	Rv160w	-	All	All	All
Operating System	Cisco	Rv160w Firmware	All	All	All	All
Operating System	Cisco	Rv160 Firmware	All	All	All	All
Hardware	Cisco	Rv260	-	All	All	All
Hardware	Cisco	Rv260p	-	All	All	All
Operating System	Cisco	Rv260p Firmware	All	All	All	All
Hardware	Cisco	Rv260w	-	All	All	All
Operating System	Cisco	Rv260w Firmware	All	All	All	All
Operating System	Cisco	Rv260 Firmware	All	All	All	All
Hardware	Cisco	Rv340	-	All	All	All
Hardware	Cisco	Rv340w	-	All	All	All
Operating System	Cisco	Rv340w Firmware	All	All	All	All
Operating System	Cisco	Rv340 Firmware	All	All	All	All
Hardware	Cisco	Rv345	-	All	All	All
Hardware	Cisco	Rv345p	-	All	All	All
Operating System	Cisco	Rv345p Firmware	All	All	All	All
Operating System	Cisco	Rv345 Firmware	All	All	All	All

cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@__kokumoto	CiscoがVPNルータ製品群における遠隔コード実行やDoSの脆弱性を修正。CVE-2022-20842及びCVE-2022-20827。前者は細工されたHTTP入力、後者はウェブフィルタDB更新機能への細工された入力により、任意… twitter.com/i/web/status/1…	2022-08-03 23:28:00
@ipssignatures	The vuln CVE-2022-20827 has a tweet created 0 days ago and retweeted 12 times. twitter.com/__kokumoto/sta… #pow1rtrtwwcve	2022-08-04 06:06:00
@ITConnect_fr	?️ Cisco corrige deux failles critiques dans plusieurs routeurs VPN : CVE-2022-20842 et CVE-2022-20827 ➡️ En savoi… twitter.com/i/web/status/1…	2022-08-04 06:17:49
@MalwarePatrol	"The two security flaws tracked as CVE-2022-20842 and CVE-2022-20827 were found in the web-based management interfa… twitter.com/i/web/status/1…	2022-08-04 10:28:00
@DICTSMakerere	Cisco has fixed two critical remote code execution bug in VPN routers. Tracked as CVE-2022-20842 and CVE-2022-20827… twitter.com/i/web/status/1…	2022-08-04 11:07:02
@qualys	#Qualys Threat Protection - Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827… twitter.com/i/web/status/1…	2022-08-04 14:05:03
@TheZDIBugs	[ZDI-22-1047\|CVE-2022-20827] Cisco RV340 wfapp Command Injection Remote Code Execution Vulnerability (CVSS 8.8; Cre… twitter.com/i/web/status/1…	2022-08-04 16:06:28
@rkx73	CVE-2022-20827 CVE-2022-20841 y CVE-2022-20842 3 vulnerabilidades en 9 modelos router #Cisco permiten tomar el cont… twitter.com/i/web/status/1…	2022-08-04 19:48:18
@QuiteHacker	? #RCE in #Cisco #VPN Routers ? CVE-2022-20842 & CVE-2022-20827 ? Status: Fixed ?‍? Affected Versions: RV160 and RV… twitter.com/i/web/status/1…	2022-08-05 10:30:00
@CVEreport	CVE-2022-20827 : Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers cou… twitter.com/i/web/status/1…	2022-08-10 08:20:04
/r/k12cybersecurity	MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Cisco Small Business RV Series Routers Could Allow for Remote Code Execution - PATCH: NOW	2022-08-04 00:46:46
/r/netcve	CVE-2022-20827	2022-08-10 09:38:03