A critical security vulnerability has been discovered in a number of Cisco routers. It allows threat actors to bypass authentication, gain root access to the endpoint and, in the second phase of the attack, run arbitrary commands on the underlying operating system.
The news comes from Cisco itself, which said it wouldn’t address the flaw because it was found on endpoints that have reached the end of their lifespan. The flaw, tracked as CVE-2023-20025, affects Cisco Small Business RV016, RV042, RV042G, and RV082 routers. By sending a custom HTTP request to the web-based management interface of affected routers, attackers can remotely bypass device authentication and exploit the device.
Attackers would then be able to take advantage of a second, also recently disclosed vulnerability, CVE-2023-2002, to execute arbitrary commands on the device’s operating system.
Block important ports
The bugs are labeled “critical,” but Cisco won’t fix them, mostly because the hardware in question is no longer supported by the company. However, BleepingComputer found that the RV042 and RV042G routers were available for sale until January 30, 2020, and will enjoy the company’s support until January 31, 2025.
There are no workarounds for the flaw, but administrators can disable the routers’ web-based administration interface, or block access to ports 443 and 60443, which can help prevent potential attacks.
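To confirm that the mitigation above took effect, an administrator can test whether the two management ports still answer from a network segment that should no longer reach them. The following is an added example, not code from the article or from Cisco; the function names are illustrative and the router addresses are supplied by the operator on the command line.

```python
import socket
import sys

# Ports named in the article's mitigation advice.
MGMT_PORTS = (443, 60443)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: interface reachable
    except ConnectionRefusedError:
        return "closed"            # device answered, nothing is listening
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the path


def audit(hosts, ports=MGMT_PORTS, timeout=2.0):
    """Return {host: {'ports': {port: state}, 'mitigated': bool}}."""
    report = {}
    for host in hosts:
        states = {port: probe(host, port, timeout) for port in ports}
        report[host] = {
            "ports": states,
            # Mitigated only if no management port accepts connections.
            "mitigated": all(state != "open" for state in states.values()),
        }
    return report


if __name__ == "__main__":
    # Usage: python check_mgmt_ports.py <router-address> [<router-address> ...]
    exit_code = 0
    for host, result in audit(sys.argv[1:]).items():
        verdict = "OK" if result["mitigated"] else "STILL EXPOSED"
        print(f"{host}: {verdict} {result['ports']}")
        if not result["mitigated"]:
            exit_code = 1
    sys.exit(exit_code)
```

The result reflects only the vantage point the script runs from, so run it from each network (WAN side, guest VLAN, and so on) that is supposed to be blocked.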
This isn’t the first time Cisco has decided not to fix authentication bypass vulnerabilities. In September, BleepingComputer reported that a similar bug was discovered affecting the RV110W, RV130, RV130W, and RV2015W EoL routers. At the time, Cisco suggested customers move to the RV132W, RV160, and RV160W.
In June, a critical remote code execution (RCE) bug (tracked as CVE-2022-20825) was found and left unpatched.
Routers are a crucial component of data transmission, and thus a prime target for cybercriminals. Therefore, it is not uncommon for cybersecurity researchers and OEMs to regularly find and patch high-risk flaws. However, unpatched flaws can wreak havoc on the network, as threat actors don’t have to discover new vulnerabilities themselves – they can just take advantage of what is already known.
Via: BleepingComputer