CVE-2022-20702

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. These vulnerabilities could allow an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause denial of service (DoS). The vulnerabilities are also associated with insufficient authorization procedure in the web interface of the routers' firmware, which can be exploited to gain root privileges.

Recommendations For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, consider disabling the web interface until a patch is available. Restrict access to the utility-ping-request functionality to minimize the risk of local privilege escalation. Avoid using unsigned software and ensure proper authentication and authorization mechanisms are in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.