Cisco Small Business RV Series Routers Vulnerabilities

Vulnerability

CVE-2022-20709 is an information disclosure vulnerability in the NGINX web server configuration of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers [1][2]. The flaw exists because certain NGINX endpoints lack authentication checks, allowing unauthenticated access to functionality that should be protected [2]. Affected devices are those running vulnerable firmware versions as listed in the Cisco advisory [1].

Exploitation

An attacker must be network-adjacent (i.e., on the same local network segment) to the affected device [2]. No authentication is required. The attacker sends crafted HTTP requests to the NGINX server to access unprotected endpoints, which disclose stored web session tokens [2]. This can be achieved without user interaction or special privileges.

Impact

Successful exploitation allows the attacker to retrieve sensitive information in the form of web session tokens [2]. These tokens can be used to impersonate authenticated users, potentially leading to further compromise of the device or the network [2]. The CVSS score for this vulnerability is 6.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) [2], indicating a medium severity with high confidentiality impact.

Mitigation

Cisco has released fixed firmware versions to address this vulnerability. Users should upgrade to the latest software release as specified in the Cisco Security Advisory [1]. If immediate patching is not possible, restrict network access to the device's management interfaces to trusted hosts only [1]. No workaround is available that fully mitigates the vulnerability without upgrading.