Affecting the web-based management interface, the security error could be exploited to inject and execute commands on the device remotely, without authentication.
#Cisco small business routers install#
Tracked as CVE-2022-20703 (CVSS score of 9.3), the bug could allow a local attacker “to install and boot a malicious software image or execute unsigned binaries on an affected device,” without authentication.ĬVE-2022-20708 (CVSS score of 10.0) is another critical vulnerability that Cisco released patches for this week.
#Cisco small business routers verification#
Because of insufficient authorization enforcement mechanisms, the flaws can be triggered by submitting specific commands to an affected device.Īnother critical flaw was found in the software image verification feature of Cisco’s small business routers. A successful exploit could allow the attacker to execute code with root privileges on the affected device,” Cisco explains in its advisory.Ĭisco also released patches for three flaws in the web-based management interface of the Small Business RV routers, which could allow an attacker to escalate privileges to root and execute arbitrary commands on the device. “An attacker could exploit this vulnerability by sending malicious HTTP requests to the affected device that is acting as an SSL VPN Gateway. The bug exists because there aren’t sufficient boundary checks performed during the processing of specific HTTP requests. The most severe of these issues is CVE-2022-20699 (CVSS score of 10.0), as it allows an unauthenticated, remote attacker to execute arbitrary code on a vulnerable device. Cisco this week announced patches for multiple vulnerabilities in its Small Business RV160, RV260, RV340, and RV345 series routers, including critical bugs that could lead to the execution of arbitrary code with root privileges.
0 kommentar(er)
