Vulnerability Description
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Rv016 Firmware | - |
| Cisco | Rv016 | - |
| Cisco | Rv042 Firmware | - |
| Cisco | Rv042 | - |
| Cisco | Rv042G Firmware | - |
| Cisco | Rv042G | - |
| Cisco | Rv082 Firmware | - |
| Cisco | Rv082 | - |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciMitigationVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciMitigationVendor Advisory
FAQ
What is CVE-2023-20025?
CVE-2023-20025 is a vulnerability with a CVSS score of 9.0 (CRITICAL). A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an aff...
How severe is CVE-2023-20025?
CVE-2023-20025 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-20025?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv016 Firmware, Cisco Rv016, Cisco Rv042 Firmware, Cisco Rv042, Cisco Rv042G Firmware.