Lucene search
Jeongun Baek of DiffenseZDI-22-420HistoryFeb 22, 2022 - 12:00 a.m.
(Pwn2Own) Cisco RV340 utility-ping-request Insecure Temporary File Local Privilege Escalation Vulnerability
2022-02-2200:00:00
Jeongun Baek of Diffense
www.zerodayinitiative.com
17
0.003 Low
EPSS
Percentile
71.7%
This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the utility-ping-request script. The issue results from the creation of a temporary file with insecure permissions. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Related
cve
cve
CVE-2022-20702
2022-02-10 18:15:09
cvelist
cvelist
CVE-2022-20702 Cisco Small Business RV Series Routers Vulnerabilities
2022-02-03 00:00:00
prion
prion
Authentication flaw
2022-02-10 18:15:00
nvd
nvd
CVE-2022-20702
2022-02-10 18:15:09
cisco
cisco
Cisco Small Business RV Series Routers Vulnerabilities
2022-02-02 16:00:00
thn
thn
Critical Flaws Discovered in Cisco Small Business RV Series Routers
2022-02-03 14:05:00
threatpost
threatpost
Critical Cisco Bugs Open VPN Routers to Cyberattacks
2022-02-03 20:15:54
nessus
nessus