{"id":29481,"date":"2023-01-12T01:10:45","date_gmt":"2023-01-12T01:10:45","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2023\/01\/12\/cisco-warns-customers-of-critical-vulnerabilities-in-small-business-routers\/"},"modified":"2023-01-12T01:10:45","modified_gmt":"2023-01-12T01:10:45","slug":"cisco-warns-customers-of-critical-vulnerabilities-in-small-business-routers","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2023\/01\/12\/cisco-warns-customers-of-critical-vulnerabilities-in-small-business-routers\/","title":{"rendered":"Cisco warns customers of critical vulnerabilities in small business routers"},"content":{"rendered":"

<\/a>\n
<\/p>\n

\n

Cisco Systems Inc. is warning customers<\/a> of two critical vulnerabilities in the web-management interface of some of its small business routers that could allow a remote attacker to gain access to a targeted device.<\/p>\n

The vulnerabilities have been found in Cisco Small Business RV016, RV042, RV042G and RV082 routers. Using the access, an attacker can bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.<\/p>\n

The first vulnerability \u2013 CVE-2023-20025, is due to improper validation of user input within incoming HTTP packets. An attacker can exploit this vulnerability by sending a crafted HTTP request to the web-based management interface, bypassing authentication and gaining root access to the underlying operating system.<\/p>\n

The second vulnerability \u2013 CVE-2023-20026, is also due to improper validation of user input within incoming HTTP packets. Like the first vulnerability, an attacker could exploit the vulnerability by sending a crafted HTTP request to the web-based management interface. Using the exploit, an attacker could gain root-level privileges and access unauthorized data.<\/p>\n

It is noted that to exploit the second vulnerability, an attacker would need to have valid administrative credentials on the affected device.<\/p>\n

There is no software update or workarounds to address the vulnerabilities. While there are no workarounds, administrators can mitigate the vulnerabilities by disabling remote management and blocking access to ports 443 and 60443. The routers will still be accessible through the LAN interface after the mitigation has been implemented.<\/p>\n

Notably, Cisco said it would not release software updates to address the vulnerabilities as the routers have entered the end-of-life process.<\/p>\n

\u201cThe Cisco small business routers affected by these vulnerabilities still see reasonably widespread usage, though they are all officially end of life,\u201d Mike Parkin, senior technical engineer at enterprise cyber risk remediation company Vulcan Cyber Ltd.<\/a>, told SiliconANGLE. \u201cThe challenge will be that these devices are typically found in small businesses with limited resources or used by individuals who may not have the budget to replace them.\u201d<\/p>\n

Noting that it\u2019s unfortunate that Cisco is not going to fix the vulnerabilities, Parkin warned that \u201canyone who still has one of these in service should strongly consider replacing them with newer kit sooner rather than later.\u201d<\/p>\n

John Bambenek, principal threat hunter at cloud data analytics provider\u00a0Netenrich Inc.<\/a> noted that \u201cit\u2019s always a best practice not to allow remote administration of network devices accessible from the open internet, however, small business using some MSP\/MSSPs have to leave it open for their service providers.\u201d<\/p>\n

\u201cThat said, this is the worst of all worlds with proof of concept code publicly available and no mitigations or patches available,\u201d Bambenek added.<\/p>\n

Photo: Rawpixel<\/a><\/h5>\n
\n
\n

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.<\/span><\/h3>\n<\/div><\/div>\n