9
CVE-2022-20753
- EPSS 1.67%
- Published 04.05.2022 17:15:08
- Last modified 21.11.2024 06:43:28
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Rv340 Firmware Version < 1.0.03.27
Cisco ≫ Rv340w Firmware Version < 1.0.03.27
Cisco ≫ Rv345 Firmware Version < 1.0.03.27
Cisco ≫ Rv345p Firmware Version < 1.0.03.27
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.67% | 0.813 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| psirt@cisco.com | 4.7 | 1.2 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.