Cisco End-of-Life Small Business Routers Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Cisco's End-of-Life Small Business Routers. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.
Proof of Concept exploit code is publicly available for CVE-2023-20025 and CVE-2023-20026.
Please note that the mentioned router devices are End-of-Life products. Cisco has provided a workaround, and no patch is currently available for CVE-2023-20025 and CVE-2023-20026.
HKCERT advises users to replace end-of-life products with vendor-supported product models.
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Cisco RV016 Multi-WAN VPN Routers
- Cisco RV042 Dual WAN VPN Routers
- Cisco RV042G Dual Gigabit WAN VPN Routers
- Cisco RV082 Dual WAN VPN Routers
Please refer to the link below for details:
Please visit the vendor website for more details.
Apply workarounds issued by the vendor:
Reduce exposure to attacks by applying the following workarounds:
- Disable Remote Management
- Block Access to Ports 443 and 60443
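
Once both workarounds are in place, confirm from a host outside the LAN that the two ports named above no longer accept connections. The script below is an added example, not vendor or HKCERT code; the function names are illustrative and the router address is supplied by the operator on the command line.

```python
import socket

# Ports named in the advisory's workaround.
MGMT_PORTS = (443, 60443)


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: service still reachable
    except ConnectionRefusedError:
        return "closed"      # RST received: nothing listening on the port
    except socket.gaierror:
        raise                # bad hostname is an operator error, not a result
    except OSError:
        return "filtered"    # timeout or unreachable: traffic is being dropped
    finally:
        s.close()


def audit(host, ports=MGMT_PORTS, timeout=3.0):
    """Map each port to its state; the workaround holds only if none is 'open'."""
    results = {p: probe(host, p, timeout) for p in ports}
    return results, all(state != "open" for state in results.values())


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # WAN address of your own router (operator-supplied)
    results, ok = audit(host)
    for port, state in results.items():
        print(f"{host}:{port} {state}")
    sys.exit(0 if ok else 1)
```

Run it from the WAN side; an `open` result on either port means remote management or the port block has not taken effect, and the script exits non-zero.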