Cisco.RV.Servics.CGI.upload.session.ID.Remote.Command.Injection

Description

This indicates an attack attempt to exploit a Command Injection vulnerability in Cisco RV Series Routers.
The vulnerability is due to insufficient sanitization of user-supplied input in the application. A remote attacker may be able to exploit this, via a crafted HTTP request, to execute arbitrary commands within the context of the application.

Affected Products

Cisco RV340 firmware version 1.0.03.24 and prior
Cisco RV340w firmware version 1.0.03.24 and prior
Cisco RV345 firmware version 1.0.03.24 and prior
Cisco RV345p firmware version 1.0.03.24 and prior
Cisco RV160 firmware version 1.0.01.05 and prior
Cisco RV160w firmware version 1.0.01.05 and prior
Cisco RV260 firmware version 1.0.01.05 and prior
Cisco RV260p firmware version 1.0.01.05 and prior
Cisco RV260w firmware version 1.0.01.05 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Version Updates

Date Version Detail
2023-03-15 0.00344

CVE References

CVE-2022-20707