Cisco Will Not Fix Authentication Bypass Flaw Affecting Multiple Small Business VPN Routers

by Esmeralda McKenzie
Cisco Will Not Fix Authentication Bypass Flaw

The vulnerability, tracked as CVE-2022-20923, in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers will not be patched because the devices have reached end-of-life (EoL).

According to the security advisory published by Cisco, “It allows an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network”.

The vulnerability stems from the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to the VPN from an affected device with “crafted credentials”.

In this case, the attacker gains privileges that are the same level as an administrative user, depending on the crafted credentials that are used.

Cisco has not released patches that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Products

This vulnerability affects the following Cisco Small Business RV Series Routers if the IPSec VPN Server feature is enabled:

  • RV110W Wireless-N VPN Firewall
  • RV130 VPN Router
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

To find out whether the IPSec VPN Server feature is configured on a device, log in to the web-based management interface and choose VPN > IPSec VPN Server > Setup.

Upgrade To Newer Router Models

“Cisco has not released and will not release software updates to address the vulnerability described in this advisory”.

“Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process”, the company added.

Cisco advises customers to migrate to Cisco Small Business RV132W, RV160, or RV160W Routers. Further, regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution. Notably, CVE-2022-20923 is not the first severe security vulnerability affecting these EoL router models that Cisco has left unpatched in recent years.

Source credit : cybersecuritynews.com