Multiple vulnerabilities in the Cisco router "RV series" -Serious impacts such as cord execution

Cisco Systems routers "Cisco Small Business RV Series" have revealed multiple vulnerabilities.It includes serious vulnerabilities and has released updates sequentially.

10 vulnerabilities have been revealed in the "RV345 series", "RV340 Series", "RV260 Series" and "RV160 Series".In addition to this, the RV345 series and the RV340 series have five more vulnerabilities.

If these vulnerabilities are abused, codes and commands may be executed, authorization, authentication bypass, and service refusal.Five of the 15 cases are rated as "Critical", which is the highest in four stages, which is particularly affected.

In the "RV345 Series" and "RV340 Series", the vulnerability "CVE-2022-20699", which may remove the code with Root authority in the "SSL VPN Module", can be executed without authentication.The vulnerability of the command injection "CVE-2022-20708" was found.

In each case, in the common vulnerability evaluation system "CVSSV3.1", the base score is rated as "10.0".

(Security Next --2022/02/04) Tweets

Related Links

PR

関連記事

"Cisco Expressway" and "Cisco Telepresence VCS" multiple serious vulnerabilities MacOS version of "Norton Security" vulnerabilities in the vulnerability call application and PBX library "PJSIP" multiple vulnerabilities XML Perser Library "EXPAT"Five vulnerabilities -the importance "critical" is also vulnerabilities in "VMware Tools" for Windows -Updated Google, "Chrome 99" is released -28 security corrections are performed in the trendy server malware countermeasure products.Dearness of authority to "Mozilla VPN" in an urgent vulnerability -Update is a serious vulnerability in multiple vulnerabilities API gateway "Apache APISIX" for corporate endpoint products for corporate corporations