CVE-2023-20118 - Cisco Small Business RV Series Routers Command Injection Vulnerability
Project: Cisco
Product: Small Business RV Series Routers
Date Added: 2025-03-03
Due Date: 2025-03-24
Vulnerability Name
Cisco Small Business RV Series Routers Command Injection Vulnerability
Description
Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
https://nvd.nist.gov/vuln/detail/CVE-2023-20118
Related News Articles
Cisco warns of Webex for BroadWorks flaw exposing credentials (March 5, 2025)
Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm (March 4, 2025)
CISA tags Windows, Cisco vulnerabilities as actively exploited (March 4, 2025)