ClickCease Cisco warns of authentication bypass vulnerabilities in routers

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Cisco warns of authentication bypass vulnerabilities in routers

Obanla Opeyemi

January 24, 2023 - TuxCare expert team

A remote attacker could exploit multiple vulnerabilities in four Cisco small business routers to bypass authentication or execute arbitrary commands on an affected device.

The flaws, which could affect Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, could allow an unauthenticated remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device, according to the company.

According to Cisco’s alert, this vulnerability is caused by improper validation of user input within incoming HTTP packets. An attacker could take advantage of this flaw by sending a specially crafted HTTP request to the web-based management interface. If the exploit is successful, the attacker may be able to bypass authentication and gain root access to the underlying operating system.

The security flaw, identified as CVE-2023-20025 (CVSS score of 9.0), affects the web-based management interface of the routers and could be exploited to bypass authentication. Because user input within incoming HTTP packets is not properly validated, an attacker can send crafted HTTP requests to the router, bypassing authentication and gaining root access to the operating system.

A successful compromise could, among other things, allow cyberattackers to eavesdrop on or hijack VPN and session traffic flowing through the device, gain a foothold for lateral movement within a company’s network, or run cryptominers, botnet clients, or other malware.

The first bug is a critical-rated authentication bypass issue (CVE-2023-20025) that exists in the devices’ Web management interface and has a CVSS severity rating of 9 out of 10.

Meanwhile, the second flaw, CVE-2023-20026, can allow remote code execution (RCE) with the caveat that an attacker would need valid administrative credentials on the affected device to be successful, so the bug is rated medium, with a CVSS score of 6.5.

They both affect all RV016, RV042, RV042G, and RV082 routers that have reached end of life (EoL). As a result, the appliances no longer receive security updates, according to a Jan. 11 advisory from the networking giant.

The advisory noted that both bugs are “due to improper validation of user input within incoming HTTP packets,” so an attacker needs only to send a crafted HTTP request to the Web-based management interface to gain root access on the underlying operating system.

The sources for this piece include an article in DarkReading.

Summary
Cisco warns of authentication bypass vulnerabilities in routers
Article Name
Cisco warns of authentication bypass vulnerabilities in routers
Description
A remote attacker could exploit multiple vulnerabilities in four Cisco small business routers to bypass authentication.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023

Bitdefender releases decryptor for MegaCortex...

Bitdefender experts have created a universal decryptor for victims of...

January 20, 2023