CVE-2022-20703: (Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability
First published: Thu Feb 10 2022(Updated: )
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Rv340 Firmware | <=1.0.03.24 | |
| Cisco RV340 | ||
| Cisco Rv340w Firmware | <=1.0.03.24 | |
| Cisco Rv340w | ||
| Cisco Rv345 Firmware | <=1.0.03.24 | |
| Cisco Rv345 | ||
| Cisco Rv345p Firmware | <=1.0.03.24 | |
| Cisco Rv345p | ||
| Cisco Rv160 Firmware | <=1.0.01.05 | |
| Cisco Rv160 | ||
| Cisco Rv160w Firmware | <=1.0.01.05 | |
| Cisco Rv160w | ||
| Cisco Rv260 Firmware | <=1.0.01.05 | |
| Cisco Rv260 | ||
| Cisco Rv260p Firmware | <=1.0.01.05 | |
| Cisco Rv260p | ||
| Cisco Rv260w Firmware | <=1.0.01.05 | |
| Cisco Rv260w | ||
| All of | ||
| Cisco Rv340 Firmware | <=1.0.03.24 | |
| Cisco RV340 | ||
| All of | ||
| Cisco Rv340w Firmware | <=1.0.03.24 | |
| Cisco Rv340w | ||
| All of | ||
| Cisco Rv345 Firmware | <=1.0.03.24 | |
| Cisco Rv345 | ||
| All of | ||
| Cisco Rv345p Firmware | <=1.0.03.24 | |
| Cisco Rv345p | ||
| All of | ||
| Cisco Rv160 Firmware | <=1.0.01.05 | |
| Cisco Rv160 | ||
| All of | ||
| Cisco Rv160w Firmware | <=1.0.01.05 | |
| Cisco Rv160w | ||
| All of | ||
| Cisco Rv260 Firmware | <=1.0.01.05 | |
| Cisco Rv260 | ||
| All of | ||
| Cisco Rv260p Firmware | <=1.0.01.05 | |
| Cisco Rv260p | ||
| All of | ||
| Cisco Rv260w Firmware | <=1.0.01.05 | |
| Cisco Rv260w | ||
| Cisco RV340 | ||
| Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers | ||
| All of | ||
| <=1.0.03.24 | ||
| All of | ||
| <=1.0.03.24 | ||
| All of | ||
| <=1.0.03.24 | ||
| All of | ||
| <=1.0.03.24 | ||
| All of | ||
| <=1.0.01.05 | ||
| All of | ||
| <=1.0.01.05 | ||
| All of | ||
| <=1.0.01.05 | ||
| All of | ||
| <=1.0.01.05 | ||
| All of | ||
| <=1.0.01.05 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID for this issue is CVE-2022-20703.
What is the severity of CVE-2022-20703?
The severity of CVE-2022-20703 is critical with a CVSS score of 8.8.
Which Cisco products are affected by CVE-2022-20703?
The Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers are affected by CVE-2022-20703.
Is user interaction required to exploit CVE-2022-20703?
Yes, user interaction is required to exploit CVE-2022-20703.
Are there any available references for more information about CVE-2022-20703?
Yes, you can find more information about CVE-2022-20703 at the following links: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D), [ZDI Advisory 22-408](https://www.zerodayinitiative.com/advisories/ZDI-22-408/), [ZDI Advisory 22-413](https://www.zerodayinitiative.com/advisories/ZDI-22-413/)
- collector/nvd-index
- agent/weakness
- agent/type
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-413
- alias/ZDI-CAN-15810
- alias/CVE-2022-20703
- alias/CVE-2022-20704
- alias/ZDI-22-408
- alias/ZDI-CAN-15611
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/tags
- collector/nvd-cve
- vendor/cisco
- canonical/cisco rv340 firmware
- version/cisco rv340 firmware/1.0.03.24
- canonical/cisco rv340
- canonical/cisco rv340w firmware
- version/cisco rv340w firmware/1.0.03.24
- canonical/cisco rv340w
- canonical/cisco rv345 firmware
- version/cisco rv345 firmware/1.0.03.24
- canonical/cisco rv345
- canonical/cisco rv345p firmware
- version/cisco rv345p firmware/1.0.03.24
- canonical/cisco rv345p
- canonical/cisco rv160 firmware
- version/cisco rv160 firmware/1.0.01.05
- canonical/cisco rv160
- canonical/cisco rv160w firmware
- version/cisco rv160w firmware/1.0.01.05
- canonical/cisco rv160w
- canonical/cisco rv260 firmware
- version/cisco rv260 firmware/1.0.01.05
- canonical/cisco rv260
- canonical/cisco rv260p firmware
- version/cisco rv260p firmware/1.0.01.05
- canonical/cisco rv260p
- canonical/cisco rv260w firmware
- version/cisco rv260w firmware/1.0.01.05
- canonical/cisco rv260w
- canonical/cisco small business rv160, rv260, rv340, and rv345 series routers