CVE-2022-20704

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified) Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P (affected versions not specified)

Description The issue is related to multiple vulnerabilities in Cisco Small Business Routers, which could allow an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause denial of service (DoS). The vulnerability of the firmware update module is associated with incorrect certificate authentication, which can be exploited by a remote attacker to load arbitrary software images.

Recommendations For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P, consider restricting access to the firmware update module to minimize the risk of exploitation until a patch is available.