Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the targeted user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users configured to have fewer privileges on the system could be less impacted than those who operate with elevated privileges.

There are currently no reports of these vulnerabilities being exploited in the wild.

Multiple vulnerabilities have been discovered in Cisco Products where successful exploitation of the most severe could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

• A vulnerability in the SSL VPN module of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. (CVE-2022-20699, CWE-285)
• Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV Series Routers could allow a remote attacker to elevate privileges to root. (CVE-2022-20700, CVE-2022-20701, CVE-2022-20702 and CWE-269)
• A vulnerability in the software image verification feature of Cisco Small Business RV Series Routers could allow an unauthenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. (CVE-2022-20703 and CWE-434)
• A vulnerability in the software upgrade module of Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view or alter information that is shared between an affected device and specific Cisco servers (cloudsso.cisco.com and api.cisco.com). (CVE-2022-20704 and CWE-552)
• A vulnerability in the session management of the web UI of Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to defeat authentication protections and access the web UI. The attacker could obtain partial administrative privileges and perform unauthorized actions. (CVE-2022-20705, CWE-285)
• A vulnerability in the Open Plug and Play (PnP) module of Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system. (CVE-2022-20706, CWE-77)
• Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system. (CVE-2022-20707, CVE-2022-20708, CVE-2022-20749, CWE-77)
• A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. (CVE-2022-20709, CWE-434)
• A vulnerability in the internal interprocess communication of Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the login functionality of the web-based management interface. (CVE-2022-20710, CWE-785)
• A vulnerability in the web UI of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to overwrite certain files on an affected device. (CVE-2022-20711, CWE-785)
• A vulnerability in the upload module of Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. (CVE-2022-20712, CWE-77)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the targeted user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

We recommend the following actions be taken:

• Install the update provided by Cisco immediately after appropriate testing.
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
• Remind users not to visit websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
• Apply the Principle of Least Privilege to all systems and services.