Cisco says it's spotted more security flaws in its SMB routers

A high-severity vulnerability has been discovered in a number of Cisco routers which allows threat actors to bypass authentication, gain r...

A high-severity vulnerability has been discovered in a number of Cisco routers which allows threat actors to bypass authentication, gain root access to the endpoint, and even launch arbitrary commands on the underlying operating system in the second stage of the attack.

The news comes courtesy of Cisco itself, which said it wouldn’t be addressing the flaw given that it was discovered in endpoints that have reached end of life. The flaw, tracked as CVE-2023-20025, affects Cisco Small business RV016, RV042, RV042G, and RV082 routers. By sending a custom-built HTTP request to the web-based management interface of the vulnerable routers, the attackers could bypass the device’s authentication and remotely exploit it. 

The attackers would then be able to leverage a second vulnerability, also newly disclosed CVE-2023-2002, to execute arbitrary commands on the device’s operating system. 

Blocking important ports

The bugs are rated as “critical”, but Cisco will not be addressing it, mostly because the devices in question are no longer supported by the company. However, BleepingComputer found that RV042 and RV042G routers were available for sale until January 30, 2020, and will be enjoying the company’s support until January 31, 2025. 

There are no workarounds for the flaw, but admins can disable the routers’ web-based management interface, or block access to ports 443 and 60443, which would help block potential attacks.

This is not the first time Cisco decided not to fix critical authentication bypass vulnerabilities. In September, BleepingComputer reminds, a similar flaw was discovered plaguing RV110W, RV130, RV130W, and RV2015W EoL. At the time, Cisco suggested customers move to RV132W, RV160, and RV160W.

In June, a critical remote code execution (RCE) flaw (tracked as CVE-2022-20825) was found and left unchecked. 

Routers are a crucial component in data transit, and as such, are a major target for cybercriminals. Therefore, it’s not uncommon for cybersecurity researchers and OEMs to regularly find, and patch, high-severity flaws. However, unpatched flaws can wreak havoc on a network, as threat actors don’t have to discover new vulnerabilities themselves - they can just leverage what’s already common knowledge.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/PhJdFlg
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,24954,TrendlyNews,9,Video,5,XIAOMI,13,YouTube - 9to5Google,8,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Cisco says it's spotted more security flaws in its SMB routers
Cisco says it's spotted more security flaws in its SMB routers
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/01/cisco-says-its-spotted-more-security.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/01/cisco-says-its-spotted-more-security.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy