January 24, 2023 - TuxCare expert team
A remote attacker could exploit multiple vulnerabilities in four Cisco small business routers to bypass authentication or execute arbitrary commands on an affected device.
The flaws, which could affect Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, could allow an unauthenticated remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device, according to the company.
According to Cisco’s alert, this vulnerability is caused by improper validation of user input within incoming HTTP packets. An attacker could take advantage of this flaw by sending a specially crafted HTTP request to the web-based management interface. If the exploit is successful, the attacker may be able to bypass authentication and gain root access to the underlying operating system.
The security flaw, identified as CVE-2023-20025 (CVSS score of 9.0), affects the web-based management interface of the routers and could be exploited to bypass authentication. Because user input within incoming HTTP packets is not properly validated, an attacker can send crafted HTTP requests to the router, bypassing authentication and gaining root access to the operating system.
A successful compromise could, among other things, allow cyberattackers to eavesdrop on or hijack VPN and session traffic flowing through the device, gain a foothold for lateral movement within a company’s network, or run cryptominers, botnet clients, or other malware.
The first bug is a critical-rated authentication bypass issue (CVE-2023-20025) that exists in the devices’ Web management interface and has a CVSS severity rating of 9 out of 10.
Meanwhile, the second flaw, CVE-2023-20026, can allow remote code execution (RCE) with the caveat that an attacker would need valid administrative credentials on the affected device to be successful, so the bug is rated medium, with a CVSS score of 6.5.
They both affect all RV016, RV042, RV042G, and RV082 routers that have reached end of life (EoL). As a result, the appliances no longer receive security updates, according to a Jan. 11 advisory from the networking giant.
The advisory noted that both bugs are “due to improper validation of user input within incoming HTTP packets,” so an attacker needs only to send a crafted HTTP request to the Web-based management interface to gain root access on the underlying operating system.
The sources for this piece include an article in DarkReading.