9

CVE-2022-20841

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoRv160 Firmware Version < 1.0.01.05
   CiscoRv160 Version-
CiscoRv160w Firmware Version < 1.0.01.05
   CiscoRv160w Version-
CiscoRv260 Firmware Version < 1.0.01.05
   CiscoRv260 Version-
CiscoRv260p Firmware Version < 1.0.01.05
   CiscoRv260p Version-
CiscoRv260w Firmware Version < 1.0.01.05
   CiscoRv260w Version-
CiscoRv340 Firmware Version < 1.0.03.26
   CiscoRv340 Version-
CiscoRv340w Firmware Version < 1.0.03.26
   CiscoRv340w Version-
CiscoRv345 Firmware Version < 1.0.03.26
   CiscoRv345 Version-
CiscoRv345p Firmware Version < 1.0.03.26
   CiscoRv345p Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.89% 0.858
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
psirt@cisco.com 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.