Skip to main content

Cisco End-of-Life Small Business Routers Multiple Vulnerabilities

Release Date: 12 Jan 2023 3970 Views

RISK: Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in Cisco's End-of-Life Small Business Routers. A remote attacker could exploit some of these vulnerabilities to remote code execution and security restriction bypass on the targeted system.

 

Note:

Proof of Concept exploit code Is publicly available for CVE-2023-20025 and CVE-2023-20026

 

Please note the mentioned router devices are End-of-Life products, Cisco has provided wordaround and no patch is currently available for CVE-2023-20025 and CVE-2023-20026.

 

HKCERT advises users to replace end-of-life products by vendor supported product model.


Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Cisco RV016 Multi-WAN VPN Routers
  • Cisco RV042 Dual WAN VPN Routers
  • Cisco RV042G Dual Gigabit WAN VPN Routers
  • Cisco RV082 Dual WAN VPN Routers

 

Please refer to the link below for detail:


Solutions

Please visit the vendor web-site for more details.

 

Apply workarounds issued by the vendor:

 

Workaround:

Reduce the vulnerability of attacks by following workaround:

 

  1. Disable Remote Management
  2. Block Access to Ports 443 and 60443

Vulnerability Identifier


Source


Related Link