Cisco End-of-Life Small Business Routers Multiple Vulnerabilities

Release Date: 12 Jan 2023 6026 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in Cisco's End-of-Life Small Business Routers. A remote attacker could exploit some of these vulnerabilities to remote code execution and security restriction bypass on the targeted system.

 

Note:

Proof of Concept exploit code Is publicly available for CVE-2023-20025 and CVE-2023-20026

 

Please note the mentioned router devices are End-of-Life products, Cisco has provided wordaround and no patch is currently available for CVE-2023-20025 and CVE-2023-20026.

 

HKCERT advises users to replace end-of-life products by vendor supported product model.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Cisco RV016 Multi-WAN VPN Routers
  • Cisco RV042 Dual WAN VPN Routers
  • Cisco RV042G Dual Gigabit WAN VPN Routers
  • Cisco RV082 Dual WAN VPN Routers

 

Please refer to the link below for detail:

Solutions

Please visit the vendor web-site for more details.

 

Apply workarounds issued by the vendor:

 

Workaround:

Reduce the vulnerability of attacks by following workaround:

 

  1. Disable Remote Management
  2. Block Access to Ports 443 and 60443

Vulnerability Identifier

Source

Related Link

Related Tags

CiscoRemote Code ExecutionSecurity Restriction BypassProof of Concept

Share with

Previous

Adobe Monthly Security Update (January 2023)

11 Jan 2023 5071 Views

Next

Microsoft Edge Multiple Vulnerabilities

13 Jan 2023 5091 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY