Lucene search
HiveForce LabHIVEPRO:69845F6B9D2578E6B83A39D18D10A8D7HistoryJan 16, 2023 - 12:29 p.m.
Cisco Small Business Routers Vulnerable to Authentication Bypass and Remote Code Execution
2023-01-1612:29:55
HiveForce Lab
www.hivepro.com
17
cisco
small business routers
authentication bypass
remote code execution
vulnerabilities
web-based management interface
cve-2023-20025
cve-2023-20026
unauthenticated attacker
authenticated attacker
arbitrary commands
EPSS
0.003
Percentile
68.3%
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Multiple vulnerabilities were found in the web-based management interface of Cisco Small Business Routers. The authentication bypass vulnerability (CVE-2023-20025) allows an unauthenticated attacker to bypass authentication on an affected device by manipulating user input in incoming HTTP packets. The remote command execution vulnerability (CVE-2023-20026) allows an authenticated attacker to execute arbitrary commands on an affected device by manipulating user input in incoming HTTP packets.
Related
thn
thn
Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers
2023-01-14 04:11:00
cisco
cisco
nessus
nessus
nvd
nvd
CVE-2023-20026
2023-01-20 07:15:14
CVE-2023-20025
2023-01-20 07:15:14
cvelist
cvelist
CVE-2023-20025
2023-01-19 01:33:39
CVE-2023-20026
2023-01-19 01:33:26
cve
cve
CVE-2023-20025
2023-01-20 07:15:14
CVE-2023-20026
2023-01-20 07:15:14
prion
prion
Authentication flaw
2023-01-20 07:15:00
Input validation
2023-01-20 07:15:00