Improper Authentication in Cisco Systems, Inc products - CVE-2023-20025
Published: January 11, 2023
Vulnerability identifier: #VU71096
CSH Severity: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2023-20025
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco RV016 Multi-WAN VPN Router
Cisco RV042 Dual WAN VPN Router
Cisco RV042G Dual Gigabit WAN VPN Router
Cisco RV082 Dual WAN VPN Router
Cisco RV016 Multi-WAN VPN Router
Cisco RV042 Dual WAN VPN Router
Cisco RV042G Dual Gigabit WAN VPN Router
Cisco RV082 Dual WAN VPN Router
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the web-based management interface. A remote non-authenticated attacker can send a specially crafted HTTP request, bypass authentication process and execute arbitrary code as root on the affected device.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.