CVE-2022-20699

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV Series Routers versions RV160, RV260, RV340, and RV345

Description The issue is caused by a stack-based buffer overflow in the SSL VPN module of the Cisco Small Business RV340, RV340W, RV345, and RV345P routers. This can be exploited by a remote attacker using a specially crafted HTTP request, allowing them to execute arbitrary code with root privileges. The vulnerability can also lead to elevation of privileges, execution of arbitrary commands, bypassing of authentication and authorization protections, fetching and running unsigned software, and denial of service (DoS).

Recommendations For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, update to a fixed version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.