Unrated severity · NVD Advisory · Published Feb 10, 2022 · Updated Nov 6, 2024

Cisco Small Business RV Series Routers Vulnerabilities

CVE-2022-20711

Description

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following:

- Execute arbitrary code
- Elevate privileges
- Execute arbitrary commands
- Bypass authentication and authorization protections
- Fetch and run unsigned software
- Cause denial of service (DoS)

For more information about these vulnerabilities, see the Details section of this advisory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco Small Business RV340, RV340W, RV345, and RV345P routers have a critical missing authentication vulnerability in the NGINX configuration that allows network-adjacent attackers to disclose stored web session tokens.

Vulnerability

CVE-2022-20711 affects Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability exists within the configuration of the NGINX web server. The issue is that the NGINX server lacks authentication prior to allowing access to certain functionality, which can expose sensitive information [1][2]. This allows an attacker to disclose stored web session tokens [2].

Exploitation

Exploitation requires network-adjacent access (logical adjacency, not necessarily physical) and no authentication [2]. An attacker can send requests to the affected NGINX web server that would normally require authentication. The server does not verify identity before granting access to functionality that discloses stored web session tokens [2]. This could be used in conjunction with other vulnerabilities to chain further attacks [1].

Impact

An attacker can successfully exploit this vulnerability to disclose sensitive information, specifically stored web session tokens. With these tokens, the attacker may impersonate authenticated users and potentially achieve further compromise, such as executing commands or escalating privileges. The CVSS score for this vulnerability is 6.3, with a vector of AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N, indicating high confidentiality impact, low integrity impact, and no availability impact [2].

Mitigation

Cisco has released software updates to address this vulnerability. As of the advisory publication date (February 10, 2022), fixed versions are available. Customers are advised to upgrade to the appropriate fixed software version listed in Cisco's security advisory [1]. No workarounds are available, but the vulnerability requires network-adjacent access, which limits exposure.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

2
