#VU67072 Incorrect implementation of authentication algorithm in Cisco Systems, Inc products - CVE-2022-20923

 


Published: September 8, 2022


Vulnerability identifier: #VU67072
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20923
CWE-ID: CWE-303
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RV110W Wireless-N VPN Firewall
Cisco Small Business RV130 Series VPN Routers
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error in the password validation algorithm in the IPSec VPN Server authentication functionality. A remote non-authenticated attacker can bypass the authentication process and gain unauthorized access to the IPSec VPN network.


Remediation

The affected routers are no longer supported by the vendor and Cisco will not release any security patches to address this vulnerability. It is recommended to replace the affected devices.

