Privacy Ninja

Cisco Fixes Critical Remote Code Execution Bug in VPN Routers

Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service (DoS) conditions on vulnerable devices.

The two security flaws tracked as CVE-2022-20842 and CVE-2022-20827 were found in the web-based management interfaces and the web filter database update feature, and are both caused by insufficient input validation.

Successful exploitation of CVE-2022-20842 with crafted HTTP input could allow attackers “to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition,” the company explains.

Exploiting CVE-2022-20827 by submitting crafted input to the web filter database update feature can let threat actors “execute commands on the underlying operating system with root privileges.”

The complete list of routers affected by these bugs includes Small Business RV160, RV260, RV340, and RV345 series VPN routers (CVE-2022-20842 only impacts the last two).

| Affected by CVE-2022-20827 | Affected Releases | First Fixed Release |
| --- | --- | --- |
| RV160 and RV260 Series Routers | Earlier than | vulnerable |
| RV160 and RV260 Series Routers | 1. | |
| RV340 and RV345 Series Routers | Earlier than | vulnerable |
| RV340 and RV345 Series Routers | 1. | |

| Affected by CVE-2022-20842 | Affected Releases | First Fixed Release |
| --- | --- | --- |
| RV340 and RV345 Series Routers | 1.0.03.26 and earlier | 1.0.03.28 |

Both flaws are exploitable remotely without requiring authentication in attacks that don’t require user interaction.

Cisco has released software updates to address both vulnerabilities and says there are no workarounds to remove the attack vectors.
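
Since upgrading is the only remediation, a firmware inventory can be checked against the CVE-2022-20842 release numbers given above. The following is an added example, not part of the original article or Cisco's advisory; the inventory format, hostnames and status labels are constructed, and treating model names that begin with RV340 or RV345 (such as RV340W or RV345P) as part of the series is an assumption. CVE-2022-20827 is left out because its release numbers are incomplete on this page.

```python
import re

# Release numbers from the CVE-2022-20842 table on this page.
LAST_AFFECTED = (1, 0, 3, 26)   # "1.0.03.26 and earlier"
FIRST_FIXED = (1, 0, 3, 28)     # "1.0.03.28"
# Assumption: any model name starting with these prefixes is in the series.
SERIES = ("RV340", "RV345")

def parse_version(text):
    """Turn '1.0.03.26' into (1, 0, 3, 26); return None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(model, firmware):
    """Classify one device against CVE-2022-20842."""
    if not model.strip().upper().startswith(SERIES):
        return "not-in-scope"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"      # needs a manual check
    # Numeric tuple comparison: 1.0.03.9 sorts below 1.0.03.26,
    # which a plain string comparison would get wrong.
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unlisted"                 # between the two listed releases

def audit(inventory_csv):
    """Return (host, status) for each 'host,model,firmware' line."""
    results = []
    for line in inventory_csv.strip().splitlines():
        host, model, firmware = [field.strip() for field in line.split(",")]
        results.append((host, classify(model, firmware)))
    return results

# Constructed sample inventory, not real devices.
INVENTORY = """
edge-01,RV340,1.0.03.26
edge-02,RV345P,1.0.03.28
edge-03,RV340W,1.0.03.9
edge-04,RV260,1.0.01.05
edge-05,RV345,unknown
"""

if __name__ == "__main__":
    for host, status in audit(INVENTORY):
        print(f"{host}: {status}")
```

Devices reported as unknown-version or unlisted should be checked by hand against Cisco's advisory rather than assumed safe.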

No in-the-wild exploitation

These security vulnerabilities were found by security researchers with the IoT Inspector Research Lab, the Chaitin Security Research Lab, and the CLP-team.

The company’s Product Security Incident Response Team (PSIRT) said Cisco is unaware of active exploitation or publicly available exploits in the wild.

Today, Cisco has also patched a third, high-severity bug (CVE-2022-20841) in the Open Plug and Play (PnP) module of RV160, RV260, RV340, and RV345 series routers.

If left unpatched, this flaw can let attackers execute arbitrary commands on the underlying Linux operating system by sending malicious input to vulnerable devices.

However, it also requires the threat actor to “leverage a man-in-the-middle position or have an established foothold on a specific network device that is connected to the affected router.”

Last month, Cisco addressed another set of severe security bugs in the Cisco Nexus Dashboard data center management solution that let unauthenticated attackers execute commands and perform actions remotely with root or Administrator privileges.


