CVSS 10 Critical Vulnerabilities on Cisco RV340 and RV345 Routers

Cisco has released a security advisory that covers multiple critical vulnerabilities on the small routers from Cisco RV340 and RV345 routers. These vulnerabilities have been resolved by Cisco through a patch that is downloadable through the products download page. You will need to have a registered maintenance contract for your Cisco devices to download the patch. We look at the latest vulnerabilities that affect RV340 and RV345 with critical or high impact on the affected infrastructure.

These vulnerabilities affect the software release 1.0.03.24 of Cisco RV340 and RV345 series routers. We do suggest updating the firmware on the devices to the latest version.

What Cisco routers are affected in the RV340 and RV345 series?

The vulnerabilities disclosed by Cisco affect the following routers in the RV340 and RV345 series:

  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit POE VPN Routers

Critical vulnerabilities on Cisco RV340 and RV345 series routers?

There are 5 critical vulnerabilities on the Cisco RV340 and RV345 series routers; all these vulnerabilities with the corresponding severity are mentioned below.

CVE-2022-20699-Remote Code Execution vulnerability

The CVE-2022-20699 vulnerability is a remote code execution vulnerability that affects the RV340 and RV345 series routers. This is a critical vulnerability with a CVSS score of 10. This vulnerability affects the following routers:

  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit POE VPN Routers

This vulnerability rests on the SSL VPN module of the VPN gateway and allows an attacker to run malicious code on the affected VPN gateway.

The latest security update resolves the issue on the SSL VPN module of the RV340 and RV345 series routers.

CVSS-2022-20700, CVSS-2022-20701 – Privilege Escalation vulnerabilities

  • These 2 vulnerabilities affect Cisco routers RV340 and RV345 series routers.
  • CVSS-2022-20700 is a CVSS 10 critical vulnerability.
  • The associated Cisco bug ID are CSCwa14564CSCwa14565.
  • CVSS-2022-20701 is a CVSS 9 critical vulnerability.
  • The associated Cisco bug id for CVSS-2022-20701 are CSCwa12836CSCwa13119.

CVE-2022-20703-Routers Digital Signature Verification Bypass Vulnerability

CVE-2022-20703 vulnerability is a CVSS 9.3 critical impact vulnerability. This vulnerability is on account of improper verification of software images on the target device. An attacker could exploit the vulnerability to deploy a malicious image or unsigned binaries on the target device and pose a risk to the network. The bug IDs associated with CVE-2022-20703 are CSCwa12748CSCwa13115.

CVE-2022-20708- Command Injection Vulnerabilities

CVE-2022-20708 is a critical command injection vulnerability with a CVSS score of 10. The vulnerability allows a remote attacker to run arbitrary commands on the underlying operating system of the router. An attacker could run malicious code and commands on the Linux server.

High-impact Vulnerabilities on Cisco RV340 and RV345 series routers

There are six high impact vulnerabilities on the Cisco RV340 and Cisco RV345 series routers. These vulnerabilities are mentioned below:

CVE-2022-20705-Improper Session Management Vulnerability

This vulnerability rests on session management of the web UI of Cisco Small Business RV Series Routers. An attacker could access the web UI and run malicious code or perform unauthorized actions by compromising administrative access through the web UI. This vulnerability has a high impact and carries a CVSS rating of 5.3.

CVE-2022-20706-GUI Denial of Service Vulnerability

This denial of service vulnerability rests on the Open Plug and Play (PnP) module of Cisco Small Business RV Series Routers. This is a man-in-the-middle attack and the attacker needs to be proximal to the target router. The attacker could deploy malicious code and attack the Linux operating system on the router.

Cisco bug ids associated with CVE-2022-20706 are CSCwa14007CSCwa14008. This vulnerability has a high impact and a CVSS score of 8.3.

CVE-2022-20707 and CVE-2022-20749-Command Injection Vulnerability

The web based management interface of Cisco RV340 and RV345 series routers could allow remote attacker to access the target and run or execute malicious commands or code on the underlying operating system of the router. Both vulnerabilities carry a CVSS score of 7.3.

CVE-2022-20711-Arbitrary File Overwrite Vulnerability

This is a high-impact vulnerability with a CVSS score of 8.2. A remote attacker could access the target device and overwrite files on the router affected by this vulnerability. The web interface could be manipulated to access the target device by an attacker. Poor security on the web interface is the cause of this vulnerability.

Cisco bug for this vulnearbility is CSCwa13888.

CVE-2022-20712-Upload Module Remote Code Execution Vulnerability

An attacker could use a flaw in the router’s upload module and send malicious HTTP requests and run arbitrary code on the target router with non-root privileges. The attacker is remote and can execute malicious code on the affected target router device. This is a high-impact security vulnerability with a CVSS rating of 7.3.

Cisco bug ids associated with this vulnerability are CSCwa18769, CSCwa18770.

You can download the security update from the Cisco website for the Cisco RV340 and RV345 series routers. We also suggest downloading the latest firmware release 1.0.01.7 for the Cisco basic series routers.

Other vulnerabilities on Cisco RV345 and RV345 series routers

Aside from these critical and high impact vulnerabilities, Cisco routers of Series RV340 and RV345 are affected by multiple other vulnerabilities with medium or low impact.

  • CVE-2022-20702 with a CVSS rating of 6.
  • CVE-2022-20704 with a CVSS rating of 4.8.
  • CVE-2022-20709 with a CVSS rating of 5.3.
  • CVE-2022-20710 with a CVSS rating of 5.3.

These vulnerabilities have a MEDIUM impact on the affected routers. We stick to the critical and high impact vulnerabilities for the purpose of this study.

How do I fix critical and high impact vulnerabilities on Cisco RV340 and Cisco RV345 routers?

A free software update has been released by Cisco to address these vulnerabilities. You can download it through the product downloads page or you can contact Cisco TAC to access the latest security fix.

You can also download the latest firmware from the links mentioned below. The latest firmware has been released on 28th January 2022.

  • Download firmware release 1.0.01.07 for the Cisco RV340 and Cisco RV345series routers. The firmware file is of 62.75 MB size.
  • You can request for the security update from Cisco TAC. You can share the bug id for a ready reference.

Summary

Cisco RV340 and RV345 series routers are affected with 5 critical and 6 high-impact vulnerabilities. Cisco has shared details of the vulnerabilities. The company has shared details about the security update to resolve these vulnerabilities. You can download the security update through the software downloads page or get the update from Cisco TAC.

You may also like to read more content related to IT security: