Cyber Resilience

CVE-2022-20703

CriticalCISA KEVActive ExploitationEUVD Exploited

Published: 10 February 2022

Published
10 February 2022
Modified
28 October 2025
KEV Added
03 March 2022
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0200 84.0th percentile
Risk Priority 41 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-20703 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Cisco Rv340 Firmware. Its CVSS base score is 10.0 (Critical).

Operationally, ranked in the top 16.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

Multiple vulnerabilities tracked under CVE-2022-20703 affect Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The issues, assigned a CVSS score of 10.0, stem from flaws including stack-based buffer overflows (CWE-121) and improper certificate validation (CWE-295) that collectively enable arbitrary code execution, privilege escalation, command execution, authentication bypass, execution of unsigned software, and denial of service.

Remote attackers can exploit the flaws over the network without authentication or user interaction, leveraging the routers' exposed management interfaces to achieve any of the listed impacts and fully compromise affected devices.

The Cisco Security Advisory at tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D and related Zero Day Initiative reports provide mitigation guidance and patch information for the affected router firmware. The associated EPSS score has remained flat at 0.02 with no material increase since disclosure.

EU & UK References

Vulnerability details

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned…

more

software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
rv340 firmware
≤ 1.0.03.24
cisco
rv340w firmware
≤ 1.0.03.24
cisco
rv345 firmware
≤ 1.0.03.24
cisco
rv345p firmware
≤ 1.0.03.24
cisco
rv160 firmware
≤ 1.0.01.05
cisco
rv160w firmware
≤ 1.0.01.05
cisco
rv260 firmware
≤ 1.0.01.05
cisco
rv260p firmware
≤ 1.0.01.05
cisco
rv260w firmware
≤ 1.0.01.05

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authentication and authorization checks that the CVE explicitly allows an unauthenticated attacker to bypass.

prevent

Restricts network-accessible interfaces on the routers, blocking the unauthenticated remote attack vector used by the CVE.

prevent

Requires timely application of firmware patches that remediate the stack-buffer-overflow and certificate-validation flaws underlying the CVE.

References