Cisco Warned on Critical Vulnerabilities in its Routers
Cisco has warned its customers of two critical vulnerabilities in the web management interface of some of its small business routers that could allow a remote attacker to gain access to a targeted device.
The vulnerabilities have been found in Cisco Small Business RV016, RV042, RV042G and RV082 routers. Using the access, an attacker can bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.
The first vulnerability, tracked as CVE-2023-20025, is the result of improper validation of user input within incoming HTTP packets. An attacker can exploit this vulnerability by sending a crafted HTTP request to the web-based management interface, bypassing authentication, and gaining root access to the underlying operating system.
The second vulnerability, tracked as CVE-2023-20026, also stems from improper validation of user input within incoming HTTP packets. An attacker could exploit the vulnerability by sending a crafted HTTP request to the web-based management interface. Using the exploit, an attacker could gain root-level privileges and access unauthorized data.
No patches were available at the time of writing, administrators can mitigate the vulnerabilities by disabling remote management and blocking access to ports 443 and 60443. The routers will still be accessible through the LAN interface after the mitigation has been implemented.
Cisco said it would not release software updates to address the vulnerabilities as the routers have entered the end-of-life process.