Cisco VPN Routers: 19,000 Devices Left Exposed to Remote Command Execution Exploit Chain
More than 19,000 end-of-life Cisco VPN routers are exposed to attacks that use a remote command execution exploit chain.
The exploit chains two recently disclosed security flaws, allowing threat actors to bypass authentication and execute arbitrary commands on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.
The vulnerability is considered critical, and Cisco’s Product Security Incident Response Team is aware of proof-of-concept exploit code that is available in the wild.
No patches from Cisco
Despite this, Cisco has stated that it will not release software updates that address this vulnerability. Currently, Cisco has not found any evidence to suggest that the exploit is being used in any attacks.
However, users can still secure their devices by disabling the web-based management interface and blocking access to ports 443 and 60443. This will prevent exploitation attempts from being successful.
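To confirm that the mitigation took effect, the following added example (not from Cisco or the original article) checks whether ports 443 and 60443 still accept TCP connections on routers you administer. The function names and the 192.0.2.1 address are assumptions made for illustration.

```python
import socket
import sys

# Ports the article says to block on the affected RV routers.
MGMT_PORTS = (443, 60443)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as open, closed, filtered or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: interface still reachable
    except ConnectionRefusedError:
        return "closed"            # reset received: nothing listening
    except socket.timeout:
        return "filtered"          # no reply: consistent with a drop rule
    except OSError:
        return "unreachable"       # routing or name-resolution failure


def audit_routers(hosts, ports=MGMT_PORTS, timeout=2.0):
    """Return {host: {port: state}} for every host and port."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}


def still_exposed(results):
    """Hosts with at least one management port accepting connections."""
    return sorted(h for h, states in results.items() if "open" in states.values())


if __name__ == "__main__":
    # 192.0.2.1 is a documentation placeholder, not a real device.
    targets = sys.argv[1:] or ["192.0.2.1"]
    report = audit_routers(targets)
    for host, states in report.items():
        print(host, states)
    # Non-zero exit lets a scheduled job alert when a port is reachable again.
    sys.exit(1 if still_exposed(report) else 0)
```

Run it from the network the block is meant to keep out, for example a host on the WAN side, since a port can be filtered on one path and open on another.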
Cisco has done it again
This is not the first time Cisco has left a critical vulnerability unpatched. In September, it also did not fix a critical auth bypass flaw affecting multiple EoL routers, instead advising users to switch to RV132W, RV160, or RV160W routers that are still under support.
Source: bleepingcomputer.com