Rewterz Threat Advisory – CVE-2023-20020 – Cisco BroadWorks Application Delivery and Xtended Services Platform Vulnerability
January 12, 2023
Rewterz Threat Advisory – CVE-2023-20007 – Cisco Dual WAN Gigabit VPN Routers Vulnerability
January 12, 2023
Severity
Medium
Analysis Summary
CVE-2023-20045
Cisco Small Business RV160 and RV260 Series VPN Routers could allow a remote, authenticated attacker to execute arbitrary commands on the system because of improper validation of user input. By sending a specially crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands with root-level privileges on the device.
Impact
- Command Execution
Indicators Of Compromise
CVE
- CVE-2023-20045
Affected Vendors
Cisco
Affected Products
- Cisco RV160 VPN Router
- Cisco RV260 VPN Routers
- Cisco RV260P VPN Router with PoE
- Cisco RV160W Wireless-AC VPN Routers
- Cisco RV260W Wireless-AC VPN Routers
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.