CVE-2022-20842

Published Aug 10, 2022

Last updated a year ago

CVSS critical 9.8

Overview

Description: Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-20
ykramarz@cisco.com: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BE28C05-F476-4D81-AC78-782E2C4AEAAE",
            "versionEndExcluding": "1.0.03.28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "700C05A8-7A02-4805-8068-0D1A942CB867",
            "versionEndExcluding": "1.0.03.28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E19746-004F-420C-A305-A3251986DB5C",
            "versionEndExcluding": "1.0.03.28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E91E68B-CBE9-462E-82D4-6F588B8E84E8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB520B21-E5E4-46B1-8485-561721D45272",
            "versionEndExcluding": "1.0.03.28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5120BAB7-FB3A-481E-9ECD-48341846AFBD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References