The Cyber Security News

Cisco Warns of Critical Vulnerability in End-of-Life Routers

January 13, 2023

Cisco has warned customers of a critical authentication bypass vulnerability with public exploit code impacting numerous end-of-life (EoL) VPN routers.

The security flaw (tracked as CVE-2023-20025) was found in the web-based management interface of Cisco Small Business (SMB) RV016, RV042, RV042G and RV082 routers and was reported by Hou Liuyang of Qihoo 360 Netlab.

“[These vulnerabilities] could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device,” Cisco wrote.

According to Bugcrowd CTO Casey Ellis, SMB routers are widely deployed, and in a post-COVID hybrid/work-from-home environment, the new Cisco vulnerability could impact hundreds of devices.

“Branch offices, [common operating environments], and even home offices are potential users of the vulnerable product,” Ellis said.

“Financially motivated attackers would be interested simply because of the raw number of these devices that are out there, and nation-states would most likely pay attention because of the size and criticality of potential users.”

Further, the executive believes the vulnerability is also an attractive target from a technical point of view.

“As an attacker, if you manage to get RCE [remote code execution] on core routing or network infrastructure, your ability to move laterally increases exponentially.”

Mike Parkin, a senior technical engineer at Vulcan Cyber, echoed Ellis’ point, adding that the models affected by these vulnerabilities still see reasonably widespread use, though they are all officially EoL.

“The problem will be that these devices are usually found in small businesses with limited resources or used by people who may not have the budget to replace them,” Parkin warned.

“Unfortunately for them, Cisco is not going to fix this, so anyone who still has one of these in service should strongly consider replacing them with newer kit sooner rather than later.”

Cisco confirmed it had not released software updates to address the vulnerabilities and that no workarounds address these vulnerabilities.

The flaw comes weeks after Krishna C. Tata, supervisor of security risk and architecture at Cisco, reviewed the difficulties of various security compliance frameworks.


Some parts of this article are sourced from:
www.infosecurity-journal.com
