Cisco has disclosed two critical vulnerabilities in a number of small business routers, along with high-severity vulnerabilities in three other products.
In its first patch release for 2023, the networking giant said its RV016, RV042, RV042G and RV082 routers are vulnerable to an authentication bypass bug (CVE-2023-20025) and a remote command execution (RCE) bug (CVE-2023-20026).
The authentication bypass can be exploited by sending crafted HTTP packets to the management interface, giving the attacker root access to the target system.
The RCE bug is similar, but can only be exploited by a remote attacker who has admin credentials on the affected system.
Cisco said it is aware of proof-of-concept code for the vulnerabilities.
The affected units are approaching end-of-life and won’t be patched. However, admins can disable remote management and block access to TCP/IP ports 443 and 60443.
Cisco’s IP Phone 7800 and 8800 series need patching against CVE-2023-20018, a high-severity bug in remote management that gives unauthenticated, remote attackers access to parts of the web interface that would normally require authentication.
The company’s Industrial Network Director software is subject to two high-severity vulnerabilities.
CVE-2023-20037 allows attackers to execute stored cross-site scripting attacks.
Cisco’s advisory attributes the vulnerability to “improper validation of content that is submitted to the affected application”, and said it “could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information”.
CVE-2023-20038 is a static private key in the software’s monitoring application. A local, authenticated attacker could use that key to “decrypt local data or access remote systems monitored by Cisco IND”.
Two Broadworks platforms, the application delivery platform and the Xtended services platform, need patching against CVE-2023-20020, a denial of service vulnerability.
An input validation error would allow a remote, unauthenticated attacker to send a “sustained stream of crafted requests” to their target.
“A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition”, the advisory stated.
The company also disclosed a further 10 medium-severity vulnerabilities in a range of products.