In addition, there is a vulnerability in the software image verification feature of Cisco Small Business RV Series Routers which could allow an unauthenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the affected system. CVE-2022-20700 is the case number for the vulnerability, which has a CVSS base score of 10.0. Also, CVE-2022-20701 is the case number for another vulnerability, which has a CVSS base score of 9.0. CVE-2022-20702 is the case number for another vulnerability in the product, which has a CVSS base score of 6.0. An attacker could exploit these vulnerabilities by submitting specific commands to an affected device. These vulnerabilities are due to insufficient authorization enforcement mechanisms.
In another issue, there are multiple vulnerabilities in the web-based management interface of Cisco Small Business RV Series Routers which could allow a remote attacker to elevate privileges to root. A successful exploit could allow the attacker to execute code with root privileges on the affected device. CVE-2022-20699 is the case number for the vulnerability, which has a CVSS base score of 10.0. An attacker could exploit this vulnerability by sending malicious HTTP requests to the affected device that is acting as an SSL VPN Gateway. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. There is a vulnerability in the SSL VPN module of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Exploitation of one of the vulnerabilities may be required to exploit another vulnerability. Some of the vulnerabilities are dependent on one another.