Cisco has warned customers of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers.
The security flaw (tracked CVE-2023-20025) has been found in the web-based management interface of Cisco Small Business (SMB) RV016, RV042, RV042G and RV082 routers provided by Hou Liuyang of Qihoo 360 Netlab.
“[These vulnerabilities] could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device,” Cisco wrote.
According to Bugcrowd CTO Casey Ellis, SMB routers are widely deployed, and in a post-COVID hybrid/work-from-home world, the new Cisco vulnerability could impact thousands of devices.
“Branch offices, [common operating environments], and even home offices are potential users of the vulnerable product,” Ellis explained.
“Financially motivated attackers would be interested because of the raw quantity of these devices that are out there, and nation-states would likely pay attention because of the size and criticality of potential users.”
Further, the executive believes the vulnerability is also an attractive target from a technical point of view.
“As an attacker, if you manage to get RCE [remote code execution] on core routing or network infrastructure, your ability to move laterally increases exponentially.”
Mike Parkin, a senior technical engineer at Vulcan Cyber, echoed Ellis’ point, adding that the models affected by these vulnerabilities still see reasonably widespread usage, though they are all officially EoL.
“The challenge will be that these devices are typically found in small businesses with limited resources or used by individuals who may not have the budget to replace them,” Parkin warned.
“Unfortunately for them, Cisco is not going to fix this, so anyone who still has one of these in service should strongly consider replacing them with a newer kit sooner rather than later.”
Cisco confirmed it had not released software updates to address the vulnerabilities and that no workarounds address these vulnerabilities.
The flaw comes weeks after Krishna C. Tata, manager of security risk and architecture at Cisco, discussed the challenges of different security compliance frameworks.