KEVIntel
10.0
CVSS
Critical

CVE-2022-20699

PUBLISHED

Cisco Small Business RV Series Routers Vulnerabilities

Exploited in the wild · Remote · Low complexity · No user interaction
Vendor: Cisco
Product: Cisco Small Business RV Series Router Firmware
Published: Feb 10, 2022

Description

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following:

  • Execute arbitrary code
  • Elevate privileges
  • Execute arbitrary commands
  • Bypass authentication and authorization protections
  • Fetch and run unsigned software
  • Cause denial of service (DoS)

For more information about these vulnerabilities, see the Details section of this advisory.

windows cisa edge metasploit

CVSS scores

CVSS v3.1 10.0 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2022-03-03 00:00:00 UTC

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Mar 03, 2022

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

cisco_rv340_sslvpn

metasploit · Created Unknown

Metasploit module for CVE-2022-20699

rohan-flutterint/CVE-2022-20699

github · Created 2022-02-14 06:23:06 UTC · 4 stars

Audiobahn/CVE-2022-20699

github · Created 2022-02-07 15:53:21 UTC · 240 stars

Cisco Anyconnect VPN unauth RCE (rwx stack)

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit