Overview

On January 11, 2023, Cisco security published an advisory for multiple vulnerabilities in the web-based management interface that exists in some of their SMB routers. These vulnerabilities could allow authentication bypass (identified as CVE-2023-20025, CVE-2023-20026, and CVE-2023-20045). These vulnerabilities are critical and have been assigned a critical CVSS score of 9.0. The vulnerability impacts the following Cisco RV Series small business routers: RV016 Multi-WAN VPN Routers RV042 Dual WAN VPN Routers RV042G Dual Gigabit WAN VPN Routers RV082 Dual WAN VPN Routers. According to Cisco, a successful exploit could allow the attacker to bypass authentication and gain root access to the underlying operating system. Cisco has not released software updates to address the vulnerabilities at this time and has declared no intention of patching these flaws. There are no workarounds that address these vulnerabilities, meaning security teams should be on alert and watch these devices carefully. While not an authorized Cisco workaround, disabling remote management and blocking access to ports 443 and 60443 is a workaround that prevents exploitation of the flaws. Cisco ended support for the RV082 and RV016 in 2021, and software maintenance ended for the RV042 and RV042G in the same year – but the hardware will be supported until 2025.

Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

https://siliconangle.com/2023/01/11/cisco-warns-customers-critical-vulnerabilities-small-business-routers/

https://www.theregister.com/AMP/2023/01/13/cisco_smb_critical_router_flaw_no_fix/