CISCO
Company refuses to fix serious vulnerability in its oldest RV series routers
The American company Cisco says that it will not fix the zero-day vulnerability CVE-2022-20923 (cisco-sa-sb-rv-vpnbypass-Cpheup9O) in its routers, which allows an attacker to bypass authorization and gain access to the IPSec VPN network. The decision was made because the problem affects routers whose support period ended long ago.
The affected small-business VPN routers, the RV110W, RV130, RV130W and RV215W, reportedly reached end of life in 2019. The vulnerability itself stems from a bug in the verification algorithm. It allows attackers to connect to the VPN network using specially crafted credentials, but only if the IPSec VPN server is enabled on the router.
“A successful vulnerability scan can allow an attacker to bypass authentication and gain access to the IPSec VPN. An invader can obtain privileges at the same level as an administrator, depending on the specially created credentials used,” Cisco said in a statement.
The manufacturer not only confirmed the existence of the problem but also said that it does not intend to release a patch for the vulnerability. Users who continue to run the older router models are advised to purchase newer devices that still receive security updates. The company also noted that, at the moment, there are no signs that CVE-2022-20923 is being exploited by attackers in practice.
This is not the only serious vulnerability in older Cisco products that the manufacturer has left unfixed because support had ended. For example, in August 2021 the company announced that it did not intend to fix the critical vulnerability CVE-2021-34730 in the aforementioned routers, whose exploitation could allow remote code execution with administrator rights. In June this year, a similar critical vulnerability, CVE-2022-20825, was discovered in the same devices. In all cases, Cisco recommends purchasing more recent devices.
AVnews