Security News > 2022 > September > Cisco won’t fix authentication bypass zero-day in EoL routers

Cisco won’t fix authentication bypass zero-day in EoL routers
2022-09-07 17:05

Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life.

"A successful exploit could allow the attacker to bypass authentication and access the IPSec VPN network," Cisco explained in a security advisory issued on Wednesday.

Cisco asked customers still using the RV110W, RV130, RV130W, and RV215W routers affected by this security vulnerability to upgrade to newer models still receiving security updates.

According to an end-of-sale announcement on Cisco's website, the last day these RV Series routers were available for order was December 2, 2019.

"Customers are encouraged to migrate to Cisco Small Business RV132W, RV160, or RV160W Routers."

CVE-2022-20923 is not the first severe security vulnerability affecting these EoL router models that Cisco left unpatched in recent years.


News URL

https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-authentication-bypass-zero-day-in-eol-routers/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-08 CVE-2022-20923 Improper Authentication vulnerability in Cisco products
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network.
network
low complexity
cisco CWE-287
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751