San Francisco, NFAPost: Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service (DoS) conditions on vulnerable devices.
According to the report, the two security flaws, tracked as CVE-2022-20842 and CVE-2022-20827, were found in the web-based management interfaces and the web filter database update feature, and both are caused by insufficient input validation.
Successful exploitation of CVE-2022-20842 with crafted HTTP input could allow attackers “to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.”
Exploiting CVE-2022-20827 by submitting crafted input to the web filter database update feature can let threat actors “execute commands on the underlying operating system with root privileges.”
The complete list of routers affected by these bugs includes Small Business RV160, RV260, RV340, and RV345 series VPN routers (CVE-2022-20842 only impacts the last two). Both flaws are exploitable remotely without requiring authentication in attacks that don’t require user interaction.
Cisco has released software updates to address both vulnerabilities and says there are no workarounds to remove the attack vectors.
No in-the-wild exploitation
These security vulnerabilities were found by security researchers with the IoT Inspector Research Lab, the Chaitin Security Research Lab, and the CLP-team.
The company’s Product Security Incident Response Team (PSIRT) said Cisco is unaware of active exploitation or publicly available exploits in the wild.
Today, Cisco has also patched a third, high-severity bug (CVE-2022-20841) in the Open Plug and Play (PnP) module of RV160, RV260, RV340, and RV345 series routers.
If left unpatched, this flaw can let attackers execute arbitrary commands on the underlying Linux operating system by sending malicious input to the device.
However, it also requires the threat actor to “leverage a man-in-the-middle position or have an established foothold on a specific network device that is connected to the affected router.”
Last month, Cisco addressed another set of severe security bugs in the Cisco Nexus Dashboard data center management solution that let unauthenticated attackers execute commands and perform actions remotely with root or Administrator privileges.
The Cisco bug tracking system maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. Bug Search is a web-based tool that acts as a gateway to the bug tracking system and provides you with detailed defect information about your products and software.
Each bug has a unique identifier (ID). Cisco bug IDs use a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). These bug IDs are referenced in Software Release Notes, Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with bug IDs.
(The above story is published by BleepingComputer)