What is the severity of CVE-2022-20702?

The severity of CVE-2022-20702 is critical.

How can local attackers exploit CVE-2022-20702?

Local attackers can exploit CVE-2022-20702 by escalating privileges on affected Cisco RV340 routers.

What is the affected software for CVE-2022-20702?

The affected software for CVE-2022-20702 includes Cisco RV340 routers with firmware version up to 1.0.03.24.

Where can I find more information about CVE-2022-20702?

You can find more information about CVE-2022-20702 on the Cisco Security Advisory and Zero Day Initiative advisories.

What is the CWE ID for CVE-2022-20702?

The CWE ID for CVE-2022-20702 is CWE-787 and CWE-121.

Vulnerability/
CVE-2022-20702

critical

CWE

787 121

10/2/2022

3/8/2024

6/11/2024

CVE-2022-20702: (Pwn2Own) Cisco RV340 utility-ping-request Insecure Temporary File Local Privilege Escalation Vulnerability

First published: Thu Feb 10 2022(Updated: )

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco RV340
Cisco Rv340 Firmware	<=1.0.03.24
Cisco RV340
Cisco Rv340w Firmware	<=1.0.03.24
Cisco Rv340w
Cisco Rv345 Firmware	<=1.0.03.24
Cisco Rv345
Cisco Rv345p Firmware	<=1.0.03.24
Cisco Rv345p
Cisco Rv160 Firmware	<=1.0.01.05
Cisco Rv160
Cisco Rv160w Firmware	<=1.0.01.05
Cisco Rv160w
Cisco Rv260 Firmware	<=1.0.01.05
Cisco Rv260
Cisco Rv260p Firmware	<=1.0.01.05
Cisco Rv260p
Cisco Rv260w Firmware	<=1.0.01.05
Cisco Rv260w

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-20702?
The severity of CVE-2022-20702 is critical.
How can local attackers exploit CVE-2022-20702?
Local attackers can exploit CVE-2022-20702 by escalating privileges on affected Cisco RV340 routers.
What is the affected software for CVE-2022-20702?
The affected software for CVE-2022-20702 includes Cisco RV340 routers with firmware version up to 1.0.03.24.
Where can I find more information about CVE-2022-20702?
You can find more information about CVE-2022-20702 on the Cisco Security Advisory and Zero Day Initiative advisories.
What is the CWE ID for CVE-2022-20702?
The CWE ID for CVE-2022-20702 is CWE-787 and CWE-121.

collector/nvd-index
agent/weakness
agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/title
agent/author
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-22-420
alias/ZDI-CAN-15946
alias/CVE-2022-20702
agent/software-canonical-lookup
vendor/cisco
canonical/cisco rv340 firmware
version/cisco rv340 firmware/1.0.03.24
canonical/cisco rv340
canonical/cisco rv340w firmware
version/cisco rv340w firmware/1.0.03.24
canonical/cisco rv340w
canonical/cisco rv345 firmware
version/cisco rv345 firmware/1.0.03.24
canonical/cisco rv345
canonical/cisco rv345p firmware
version/cisco rv345p firmware/1.0.03.24
canonical/cisco rv345p
canonical/cisco rv160 firmware
version/cisco rv160 firmware/1.0.01.05
canonical/cisco rv160
canonical/cisco rv160w firmware
version/cisco rv160w firmware/1.0.01.05
canonical/cisco rv160w
canonical/cisco rv260 firmware
version/cisco rv260 firmware/1.0.01.05
canonical/cisco rv260
canonical/cisco rv260p firmware
version/cisco rv260p firmware/1.0.01.05
canonical/cisco rv260p
canonical/cisco rv260w firmware
version/cisco rv260w firmware/1.0.01.05
canonical/cisco rv260w