CVE-2023-20025
Published: 2023-01-20
Priority: P267 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.63% (73.3th percentile)
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device.
This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_rv_series_router_firmware | — | — |
| cisco | small_business_rv016_rv042_rv042g_rv082_rv320_and_rv325_routers | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector is a crafted HTTP request to the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 routers; monitor for anomalous or malformed HTTP requests targeting the router management interface from unauthenticated sources.
- Root cause is improper validation of user input within incoming HTTP packets; inspect HTTP request payloads to the management interface for unexpected or malformed input patterns that may bypass authentication logic.
- Successful exploitation grants root access on the underlying OS; monitor for unexpected root-level process spawning or OS-level command execution originating from the router web management process.
- The vulnerability is also tracked under Cisco Bug IDs CSCwd47551, CSCwd60199, CSCwe41652; use these identifiers when correlating vendor threat intelligence or SIEM feeds.
- No software patch is available from Cisco for affected devices (RV016, RV042, RV042G, RV082, RV320, RV325); these are end-of-life products with no planned fix, so network-level controls (e.g., blocking external access to the management interface) are the only mitigation.
CVSS provenance
- nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_cisco: 9.0 CRITICAL
Cisco
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
vendor_cisco·2023-01-11·CVSS 9.0
CVE-2023-20025 [CRITICAL] CWE-293 Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has not released software updates to address the vulnerabilities described in this advisory. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
Cisco
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2023-20025 [MEDIUM] Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
CVE-2023-20025: Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device. For more information about these vulnerabilities, see the
Severity: medium
CVSS: 3.1
CWE: CWE-293, CWE-77
Bug IDs: CSCwd47551, CSCwd60199, CSCwe41652
GHSA
GHSA-q4cw-h889-p6jj: A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to
ghsa_unreviewed·2023-01-20
CVE-2023-20025 [CRITICAL] CWE-20 GHSA-q4cw-h889-p6jj: A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to
A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.
No detection rules found.
No public exploits indexed.
Published: 2023-01-20