Cisco won’t fix CVE-2023-20117 & CVE-2023-20128 in Small Business RV320 and RV325 VPN Routers
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers have been found to have multiple security vulnerabilities in their web-based management interface. These vulnerabilities, identified as CVE-2023-20117 and CVE-2023-20128, could allow an authenticated, remote attacker to inject and execute arbitrary commands on the affected device’s underlying operating system.
CVE-2023-20117 and CVE-2023-20128: Command Injection Vulnerabilities in Cisco RV320 and RV325 VPN Routers (CVSS score of 7.2)
The vulnerabilities found in the web-based management interface of Cisco RV320 and RV325 VPN Routers are caused by insufficient validation of user-supplied input. Attackers can exploit these vulnerabilities by sending malicious input to an affected device. Successful exploitation could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device.
To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. These vulnerabilities specifically affect Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers. Cisco has acknowledged Wu Yuze and Wang Jincheng for reporting CVE-2023-20117 and Wang Jincheng from X1cT34m Laboratory of Nanjing University of Posts and Telecommunications for reporting CVE-2023-20128.
Unfortunately, Cisco has not released any software updates to address these vulnerabilities because the devices have reached end-of-life (EoL). There are no workarounds that address these vulnerabilities directly.
Luckily, Cisco says that, at the time the advisory was published, its Product Security Incident Response Team (PSIRT) had found no evidence of publicly available proof-of-concept exploits for these flaws or of threat actors exploiting the bugs in the wild.
Recommendations from Cisco:
Since there are no software updates or workarounds available, Cisco recommends disabling the Remote Management feature to reduce exposure to these vulnerabilities. The Remote Management feature is disabled by default.
If you have enabled the Remote Management feature on your Cisco RV320 or RV325 VPN Routers, it is crucial to disable it immediately to mitigate the risk posed by these vulnerabilities. Organizations must stay vigilant and continuously monitor for updates or announcements from Cisco regarding these vulnerabilities.