#VU60250 Improper Verification of Cryptographic Signature in Cisco Systems, Inc products - CVE-2022-20703
Published: February 2, 2022 / Updated: March 8, 2022
Vulnerability identifier: #VU60250
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2022-20703
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
Cisco RV345 Dual WAN Gigabit VPN Router
Cisco RV345P Dual WAN Gigabit VPN Router
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows an attacker to compromise the affected device.
The vulnerability exists due to improper cryptographic signature verification of software images as they are installed on an affected device. An attacker with physical access to the device can install and boot a malicious software image or execute unsigned binaries on an affected device.
Remediation
Install updates from the vendor's website.