Security News > 2022 > September > Cisco won’t fix authentication bypass zero-day in EoL routers
Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life.
"A successful exploit could allow the attacker to bypass authentication and access the IPSec VPN network," Cisco explained in a security advisory issued on Wednesday.
Cisco asked customers still using the RV110W, RV130, RV130W, and RV215W routers affected by this security vulnerability to upgrade to newer models still receiving security updates.
According to an end-of-sale announcement on Cisco's website, the last day these RV Series routers were available for order was December 2, 2019.
"Customers are encouraged to migrate to Cisco Small Business RV132W, RV160, or RV160W Routers."
CVE-2022-20923 is not the first severe security vulnerability affecting these EoL router models that Cisco left unpatched in recent years.
News URL
Related news
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (source)
- PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
- Juniper patches critical auth bypass in Session Smart routers (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-08 | CVE-2022-20923 | Improper Authentication vulnerability in Cisco products A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. | 9.8 |