Multiple vulnerabilities in Cisco Small Business routers could allow an unauthenticated attacker to plant a backdoor in affected devices and gain persistent access to internal networks.
The security issues are present in versions of the RV160, RV260, RV340, and RV345 Series Routers.
An attacker could bypass authentication protections, execute arbitrary commands, fetch and run unsigned software, and even execute arbitrary code as root, Cisco has warned.
RCE as root
In an advisory, Cisco warned that a vulnerability (CVE-2022-20699) in the SSL VPN module of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on an affected device.
This means the flaw, which was assigned a ‘critical’ CVSS score of 10.0, could enable an attacker to install a backdoor and gain persistent access.
The advisory explains: “This vulnerability is due to insufficient boundary checks when processing specific HTTP requests.
“An attacker could exploit this vulnerability by sending malicious HTTP requests to the affected device that is acting as an SSL VPN Gateway.”
The SSL VPN Gateway acts as a secure portal for users to access internal networks containing private services, such as administrative applications intended for employees only.
Multiple privilege escalation vulnerabilities were also discovered in the Cisco Small Business RV Series Routers: CVE-2022-20700, which also has a CVSS score of 10.0, as well as CVE-2022-20701 and CVE-2022-20702.
The security bugs in the web-based management interface of the devices could allow a remote attacker to elevate privileges to root, Cisco warned.
The advisory adds: “These vulnerabilities are due to insufficient authorization enforcement mechanisms.
“An attacker could exploit these vulnerabilities by submitting specific commands to an affected device. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the affected system.”
Another vulnerability in the upload module of Cisco Small Business RV Series Routers (CVE-2022-20712) is due to insufficient boundary checks when processing specific HTTP requests.
“An attacker could exploit this vulnerability by sending malicious HTTP requests to an affected device,” the advisory reads. “A successful exploit could allow the attacker to execute code with non-root privileges on the device.”
In total, there are 15 reported vulnerabilities, all of which have been patched. The advisory contains more information related to all of these issues.
Users are urged to update to the latest versions, which can be found in the advisory.
Source: https://portswigger.net/daily-swig/vulnerabilities-in-cisco-small-business-routers-could-allow-unauthenticated-attackers-persistent-access-to-internal-networks