Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL

10 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation Likelihood

EPSS Prediction

6.08 %

Predictive Probability

Percentile Rank

90.5 th

Documented as more likely to be exploited than 90.5% of known CVEs.

Detection Date

Mar 03, 2022

Remediation Due

Mar 17, 2022

CISA Catalog Active

Threat Analysis

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Remediation Directive

Apply updates per vendor instructions.

Asset Context

Vendor Identity

Cisco

Affected Product

Small Business RV160, RV260, RV340, and RV345 Series Routers

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-121

External Intelligence

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2022-20701