25 JAN 2023
Cisco has warned of two security vulnerabilities affecting Small Business Routers which have reached end-of-life (EoL). Both vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.
The more severe of the two is CVE-2023-20025 (CVSS score: 9.0), which results from improper validation of user input within incoming HTTP packets. An unauthenticated, remote attacker could exploit it by sending a specially crafted HTTP request to a vulnerable router's web-based management interface to bypass authentication and obtain elevated permissions.
Inadequate input validation is also the root cause of the second flaw, tracked as CVE-2023-20026 (CVSS score: 6.5), which permits an attacker with valid admin credentials to obtain root-level privileges and access unauthorized data.
Researchers have discovered that over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain. The affected models are:
- RV016 Multi-WAN VPN Routers
- RV042 Dual WAN VPN Routers
- RV042G Dual Gigabit WAN VPN Routers
- RV082 Dual WAN VPN Routers
Given that these devices are End-of-Life (meaning they are entirely unsupported by Cisco), there will not be an official fix for the vulnerabilities.
If any of these devices are directly connected to the internet with the web administration interface enabled, they are vulnerable and will continue to be.
As a workaround, administrators are advised to disable remote management and block access to ports 443 and 60443.
Please refer to https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 for the steps and procedures to disable remote management and block the above-mentioned ports.
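One way to confirm the workaround actually took effect is to probe the two management ports named above from a host outside the LAN; the script below is an added example, not code from Cisco's advisory or this article, and the target address is a placeholder for your own router's WAN address.

```python
import socket

# Ports named in the advisory workaround: 443 (HTTPS admin UI) and 60443
# (remote management). Both should be unreachable from the WAN side.
MANAGEMENT_PORTS = (443, 60443)


def port_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout.

    A refused, filtered, or timed-out connection all count as unreachable,
    which is the desired state after the workaround is applied.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (OSError, socket.timeout):
        return False


def check_management_exposure(host: str, ports=MANAGEMENT_PORTS,
                              timeout: float = 3.0) -> dict:
    """Probe each management port and return a {port: reachable} map."""
    return {port: port_reachable(host, port, timeout) for port in ports}


def workaround_applied(results: dict) -> bool:
    """The workaround is in effect only when no management port answers."""
    return not any(results.values())


if __name__ == "__main__":
    import sys

    # Placeholder address (RFC 5737 documentation range); pass the real
    # WAN address of the router on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    results = check_management_exposure(target)
    for port, reachable in results.items():
        state = "REACHABLE - still exposed" if reachable else "blocked"
        print(f"{target}:{port} {state}")
    if workaround_applied(results):
        print("workaround effective from this vantage point")
    else:
        print("ACTION NEEDED: management interface still reachable")
```

Run it from a network that is not the router's LAN, since the advisory concerns exposure of the interface to the Internet, not to internal administrators.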