Main Vulnerability Database SB2022090801

SB2022090801 - IPSec VPN authentication bypass in several Cisco RV routers

Published: September 8, 2022

Security Bulletin ID SB2022090801

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect implementation of authentication algorithm (CVE-ID: CVE-2022-20923)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the password validation algorithm in IPSec VPN Server authentication functionality. A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to the IPSec VPN network.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc57664
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc57666
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc57640