It has been detected that more than 19,000 Cisco VPN router devices are exposed to remote code execution (RCE) attacks due to the completion of their lifespan. These devices no longer receive security updates from Cisco, leaving them vulnerable to attacks.
On January 11, 2023, details about a critical security vulnerability affecting the Cisco Small Business router series were released. The vulnerability, identified by the code CVE-2023-20025, occurs due to insufficient authentication on the web-based management tool, allowing unauthorized threat actors to bypass authentication controls and gain administrative privileges to execute arbitrary commands on the vulnerable system.
The vulnerability affects four different Cisco Small Business router models: RV016, RV042, RV042G, and RV082. Cisco has stated in a released advisory that they will not be issuing software updates to address the vulnerability, as the affected models have reached the end of their lifespan, and no temporary solution to address the vulnerability has been found. Studies on the Censys scan engine have observed that approximately 20,000 devices are vulnerable to potential attacks using this vulnerability.
Cisco has published a list of devices that have the potential to be affected by the attacks. Cisco router users are advised to check if their devices are on the list of affected devices and upgrade to a newer, supported version as soon as possible. Additionally, users are recommended to implement network segmentation and utilize firewall solutions to help reduce potential attacks.