PT-2023-1277 · Cisco · Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W

Published

2023-01-11

·

Updated

2024-01-25

·

CVE-2023-20045

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W Series VPN Routers (affected versions not specified)
Description

A vulnerability in the web-based management interface of the affected devices could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The issue is due to insufficient validation of user-supplied input by the interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface; a successful exploit allows the attacker to execute arbitrary commands with root-level privileges. The attacker must have valid Administrator-level credentials on the affected device to exploit this vulnerability. In practice this makes the flaw a post-authentication escalation from web-UI administrator to a root shell on the router: anyone who obtains, phishes, or reuses the administrator password gains full control of the device and of the traffic it routes, so administrator credentials for these devices should be treated as high-value secrets.
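As an added illustration (not Cisco's code, and implying nothing about where the flaw sits in the RV160/RV260 firmware): a hypothetical diagnostic "ping" handler of an embedded web UI, first in the injectable shape the description implies (a form field concatenated into a shell command line that runs as root), then hardened with an allowlist validator and an argv-based exec that never passes the value through a shell. Every function and field name here is an assumption made for the example.

```c
/* Added example, not Cisco code. Hypothetical "host" field of a diagnostic
 * ping page in an embedded web UI, shown in its injectable form and hardened. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define HOST_MAX 253 /* maximum length of a DNS name */

/* INJECTABLE PATTERN: the field goes straight into a shell command line.
 * A value such as "192.0.2.1; id" makes the shell run a second command with
 * the web server's privileges, which on many routers is root.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_ping_command_unsafe(const char *host, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* HARDENED VALIDATION: allowlist only the characters a hostname or an
 * IPv4/IPv6 literal can contain, bound the length, and refuse a leading '-'
 * (which ping would parse as an option). Shell metacharacters, quotes,
 * whitespace, "$(...)" and backticks all fail the allowlist. */
int is_valid_host(const char *host) {
    size_t n = strlen(host);
    if (n == 0 || n > HOST_MAX) return 0;
    if (host[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':')) return 0;
    }
    return 1;
}

/* HARDENED EXECUTION: no shell at all. The validated value is one argv
 * element to execvp, so even a loosened validator could not turn it back
 * into a command line. Returns the child's exit status, or -1 on error. */
int run_ping(const char *host) {
    if (!is_valid_host(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {"ping", "-c", "1", (char *)host, NULL};
        execvp(argv[0], argv);
        _exit(127); /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Returns 1 when the unsafe builder embeds `input` verbatim in a shell
 * command line while the hardened validator rejects it, i.e. the input is
 * exactly the kind the validator exists to stop. */
int unsafe_accepts_but_validator_rejects(const char *input) {
    char cmd[512];
    if (build_ping_command_unsafe(input, cmd, sizeof cmd) < 0) return 0;
    return strstr(cmd, input) != NULL && !is_valid_host(input);
}

int main(void) {
    /* Constructed inputs: one benign, one carrying a shell injection. */
    const char *inputs[] = {"192.0.2.1", "192.0.2.1; id"};
    char cmd[512];
    for (size_t i = 0; i < 2; i++) {
        build_ping_command_unsafe(inputs[i], cmd, sizeof cmd);
        printf("unsafe command line : %s\n", cmd);
        printf("hardened validator  : %s\n",
               is_valid_host(inputs[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```

The two changes are independent defences: the allowlist stops the injected text at the boundary, and the argv-based exec removes the shell that would interpret it. Keeping both means a later relaxation of the validator (say, to allow an underscore) cannot silently reopen command execution.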
Recommendations

For Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W, update the software to a version that fixes the vulnerability, if one is available for your model. Until then, reduce exposure of the web-based management interface: do not expose it on the WAN side, reach it only from a trusted management network or over the device's VPN, and limit the set of accounts holding Administrator-level access to the personnel who need it. Because exploitation requires valid Administrator credentials, rotate any default or shared administrator passwords and treat a compromised administrator account on one of these routers as a full compromise of the device.

Fix

OS Command Injection

Special Elements Injection

Improper Neutralization

RCE

Command Injection

Related Identifiers

BDU:2023-00545
CVE-2023-20045

Affected Products

Cisco Small Business RV160
Cisco Small Business RV160W
Cisco Small Business RV260
Cisco Small Business RV260P
Cisco Small Business RV260W