How to Fix CVE-2022-20700: Cisco RV Series Router (Bundle Sibling)
*By Sai Kiran Pandrala*
| Severity | CVSS 10.0, Critical |
|---|---|
| Actively exploited? | Yes, bundle listed in CISA KEV (added 2022-03-03) |
| Affected | Cisco Small Business RV160, RV260, RV340, RV345 series |
| Fixed in | RV340/RV345: firmware 1.0.03.26+. RV160/RV260: vendor recommends hardware replacement. |
| Type (CWE) | CWE-121: Stack-based Buffer Overflow |
CVE-2022-20700 is a sibling CVE in the Cisco RV Series advisory bundle. The full remediation procedure is at How to Fix CVE-2022-20708.
What's different about CVE-2022-20700?
It is another distinct stack-overflow vulnerability in the RV web management interface. It has the same vector class (unauthenticated, network-reachable), the same impact (root RCE), and the same fix as the rest of the bundle.
How to fix CVE-2022-20700
Apply firmware 1.0.03.26 or later for RV340/RV345 series. Replace EOL RV160/RV260 hardware where no fix is planned. The complete procedure with download links, configuration backup, install, and verification is in How to Fix CVE-2022-20708.
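To turn the fix guidance above into a fleet check, the following added example (not from Cisco or from this guide's original text) triages a device inventory into upgrade, replace, and verify actions. The CSV layout, hostnames, and sample versions are constructed, and matching model variants by series prefix is an assumption.

```python
import csv
import io

FIXED_VERSION = "1.0.03.26"        # from this page: fixed release for RV340/RV345
PATCHABLE = ("RV340", "RV345")     # series with a firmware fix, per this page
REPLACE = ("RV160", "RV260")       # series this page says to replace

# Constructed sample inventory: hostnames and firmware versions are made up.
SAMPLE_INVENTORY = """hostname,model,firmware
branch-01,RV340,1.0.03.24
branch-02,RV345P,1.0.03.26
branch-03,RV340W,1.0.03.29
branch-04,RV260W,1.0.01.05
branch-05,RV160,1.0.01.05
branch-06,RV042,4.2.3.14
branch-07,RV345,unknown
"""

def parse_version(text):
    """Turn '1.0.03.26' into (1, 0, 3, 26); return None if not four numeric fields."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(model, firmware):
    """Return OK, UPGRADE, REPLACE, VERIFY or OUT_OF_SCOPE for one device."""
    model = model.strip().upper()
    if model.startswith(REPLACE):      # assumption: variants share the series prefix
        return "REPLACE"
    if not model.startswith(PATCHABLE):
        return "OUT_OF_SCOPE"
    version = parse_version(firmware)
    if version is None:
        return "VERIFY"                # unreadable version: check the device by hand
    return "OK" if version >= parse_version(FIXED_VERSION) else "UPGRADE"

def triage_inventory(csv_text):
    """Map hostname -> action for each row of a hostname,model,firmware CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: triage(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

Comparing the version as a tuple of integers avoids the string-comparison trap where zero-padded fields such as `03` sort incorrectly against unpadded ones.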
Frequently asked questions
Is CVE-2022-20700 actively exploited?
Yes. CVE-2022-20700 is on the CISA Known Exploited Vulnerabilities catalog, so federal civilian agencies are required to patch by the published deadline. Most enterprises treat the same date as the practical floor.
What is the CVSS severity of CVE-2022-20700?
Critical. See the advisory for the full CVSS vector.
Where can I read the official advisory?
See https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vu
Does the patch require a reboot?
It depends on the deployment. Service-only updates usually need a service restart; OS-level fixes require a full reboot. Check the vendor release notes for the exact post-upgrade steps.
References
- Official Cisco PSIRT advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vu
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-20700
- CISA KEV catalog entry: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Bundle primary: How to Fix CVE-2022-20708
*This guide is one of the bundle siblings disclosed in the same Cisco PSIRT advisory. The primary write-up with full remediation steps lives at how-to-fix-cve-2022-20708.*