
Cisco warns of a cross-site scripting (XSS) flaw in small business class routers
The vulnerability, tracked as CVE-2024-20362 with a CVSS score of 6.1, resides in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers. An unauthenticated remote attacker can conduct a cross-site scripting attack against a user of the interface.
Cisco says the impacted devices are end-of-life RV series small business routers, and it will not release software updates to fix the problem. There are no workarounds that address this vulnerability.
This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
The flaw impacts all software releases for the following Cisco RV Series Small Business Routers:
- RV016 Multi-WAN VPN Routers
- RV042 Dual WAN VPN Routers
- RV042G Dual Gigabit WAN VPN Routers
- RV082 Dual WAN VPN Routers
- RV320 Dual Gigabit WAN VPN Routers
- RV325 Dual Gigabit WAN VPN Routers
To mitigate this vulnerability on Cisco Small Business RV016, RV042, RV042G, and RV082 Routers, Cisco recommends disabling remote management and blocking access to ports 443 and 60443. The routers will still be accessible through the LAN interface after implementing the mitigation.
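One way to confirm the mitigation took effect, as an added example that is not from Cisco's advisory or the original article: run it from a host outside the LAN against the router's WAN address and check that ports 443 and 60443 no longer accept TCP connections. The function names and the script name in the usage string are hypothetical.

```python
import socket
import sys

# Ports the mitigation says to block (RV016, RV042, RV042G, RV082).
MGMT_PORTS = (443, 60443)


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        raise  # bad hostname: surface it instead of reporting "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeout or unreachable: nothing answered on this port.
        return "filtered"


def check_mitigation(host, ports=MGMT_PORTS, timeout=3.0):
    """Return (per-port states, True if no management port accepts connections)."""
    states = {port: probe(host, port, timeout) for port in ports}
    return states, all(state != "open" for state in states.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_rv_mgmt.py <router-wan-address>")
    states, mitigated = check_mitigation(sys.argv[1])
    for port, state in states.items():
        print(f"tcp/{port}: {state}")
    print("mitigation effective" if mitigated else "management interface still reachable")
    sys.exit(0 if mitigated else 1)
```

A result of "open" on either port from the WAN side means remote management is still exposed; the same check run from inside the LAN is expected to report "open", since the LAN interface stays accessible.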
Cisco is not aware of attacks in the wild exploiting this vulnerability. The company urges customers to migrate to a supported product.
Cisco says that this vulnerability does not affect the following RV Series Small Business Routers:
- RV160 VPN Routers
- RV160W Wireless-AC VPN Routers
- RV260 VPN Routers
- RV260P VPN Routers with PoE
- RV260W Wireless-AC VPN Routers
- RV340 Dual WAN Gigabit VPN Routers
- RV340W Dual WAN Gigabit Wireless-AC VPN Routers
- RV345 Dual WAN Gigabit VPN Routers
- RV345P Dual WAN Gigabit PoE VPN Routers

