Endpoint/Device Security, Vulnerability Management

Critical flaws found in Cisco small business routers

Cisco has warned that some of its end-of-life small business routers including the Cisco Small Business RV016, RV042, RV042G, and RV082 routers are being impacted by two critical flaws within their web-based management interface, which could be leveraged to obtain unauthorized access, according to SiliconAngle. Threat actors could exploit the first flaw, tracked as CVE-2023-20025, to evade authentication and secure root access to the operating system, while the second bug, tracked as CVE-2023-20026, could be leveraged by attackers with valid administrative credentials to obtain root-level privileges and unauthorized data access. No software updates are being mulled for the vulnerabilities, with Cisco urging administrators to deactivate remote management and block port 443 and port 60443 access as a means of mitigation. "The Cisco small business routers affected by these vulnerabilities still see reasonably widespread usage, though they are all officially end of life. The challenge will be that these devices are typically found in small businesses with limited resources or used by individuals who may not have the budget to replace them," said Vulcan Cyber Senior Technical Engineer Mike Parkin.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.