Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | Cisco Fixed RCE and Command Injection Flaws in VPN Router Series
Table Of Content
Home

Resources

Blog
Aug 04, 2022
2 Mins Read

Cisco Fixed RCE and Command Injection Flaws in VPN Router Series

Cisco released fixes for several vulnerabilities in its VPN routers. Affected products could be subject to remote code execution, command injection, and DoS attacks by unauthenticated, remote attackers. The vulnerabilities are labeled CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842; and are caused by insufficient input validation. Currently, there is no evidence of exploitation in the wild. 

How Do Vulnerabilities Affect?

CVE-2022-20842 exists in the web-based management interface of VPN routers. By sending a crafted HTTP input to a vulnerable device, an attacker can exploit it and perform RCE as a root user in the OS or cause denial-of-service

CVE-2022-20827 can be exploited by sending crafted input to the web filter database update feature. This vulnerability could enable an attacker to execute arbitrary commands with root privilege, like in CVE-2022-20842.

CVE-2022-20841 is a vulnerability in the Cisco router’s PnP (Open Plug and Play) module. It can be exploited by a malicious input sent to the vulnerable device. To exploit it, the attacker must be in a MiTM (man-in-the-middle) position or already have control over a particular network device linked to the vulnerable router. According to Cisco, this vulnerability “could allow an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system.” 

Is There a Way to Mitigate? 

There are no available workarounds for these vulnerabilities; updating your software is recommended. 

Affected products and versions are listed below: 

Vulnerable to CVE-2022-20827 and CVE-2022-20841: 

  • RV160 and RV260 Series Routers (earlier than 1.0.01.05) 
  • RV160 and RV260 Series Routers (1.0.01.05) 
  • RV340 and RV345 Series Routers (earlier than 1.0.03.26) 
  • RV340 and RV345 Series Routers (1.0.03.26) 

Vulnerable to CVE-2022-20842: 

  • RV340 and RV345 Series Routers (1.0.03.26 and earlier) 

Check Cisco’s security advisory for free security updates and additional information on the subject.

Related Articles
SOCRadar® Cyber Intelligence Inc. | OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
Apr 18, 2024
SOCRadar® Cyber Intelligence Inc. | CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Apr 16, 2024