PT-2022-2292 · Cisco · Cisco Small Business Rv260+5
Mike Steinkoenig
·
Published
2022-02-02
·
Updated
2022-02-17
·
CVE-2022-20710
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Small Business RV340, RV340W, RV345, RV345P versions (affected versions not specified)
Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified)
Description
The issue is related to insufficient exception handling in the web interface management of Cisco Small Business routers. This could allow a remote attacker to cause a denial of service. The vulnerability may also enable an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service.
Recommendations
For Cisco Small Business RV340, RV340W, RV345, RV345P, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Handling of Exceptional Conditions
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Small Business Rv160
Cisco Small Business Rv260
Cisco Small Business Rv340
Cisco Small Business Rv340W
Cisco Small Business Rv345
Cisco Small Business Rv345P