CVE-2022-20699
Published: 10 February 2022
Summary
CVE-2022-20699 is a critical-severity stack-based buffer overflow (CWE-121) vulnerability in Cisco RV340 firmware. Its CVSS base score is 10.0 (Critical).
Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2022-20699 encompasses multiple vulnerabilities, including stack-based buffer overflows and improper input validation, affecting Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. These issues carry a CVSS score of 10.0 and are associated with CWE-121 and CWE-1284.
An unauthenticated remote attacker can exploit the flaws over the network to execute arbitrary code, elevate privileges, run unsigned software, bypass authentication controls, or trigger denial-of-service conditions, as demonstrated by public proof-of-concept material targeting the RV340 SSL VPN interface.
The Cisco Security Advisory and related disclosures from Zero Day Initiative indicate that patches or firmware updates address the issues, with the EPSS score reaching a peak of 0.9648 and remaining at 0.8940, reflecting sustained exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-25949
Vulnerability details
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following:
- Execute arbitrary code
- Elevate privileges
- Execute arbitrary commands
- Bypass authentication and authorization protections
- Fetch and run unsigned software
- Cause denial of service (DoS)
For more information about these vulnerabilities, see the Details section of this advisory.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly blocks unauthenticated remote access to the SSL VPN interface, preventing the arbitrary code execution and privilege-escalation paths described in the CVE.
Enforces validation of all input to the web/SSL-VPN service, mitigating the stack-based buffer overflows and improper quantity checks (CWE-121, CWE-1284) that enable RCE.
Requires explicit authorization, encryption, and endpoint controls for all remote management/VPN connections, reducing the attack surface exposed by the vulnerable RV-series interfaces.