Summary
Cisco security updates address multiple vulnerabilities, including 4 “high” severity and 2 “critical” severity vulnerabilities in multiple products.
Note: The vendor states that a Proof of Concept (PoC) for exploitation of CVE-2023-20025 and CVE-2023-20026 is available online.
Note: CVE-2023-20118 is actively being exploited online.
Note: The vendor states that CVE-2023-20025 and CVE-2023-20026 are actively being exploited online.
Risk
Vulnerability Impact Estimated on the Target Community: Critical (78.2)
Type
- Remote Code Execution
- Authentication Bypass
- Information Disclosure
- Denial of Service
Affected Products and Versions
Cisco
- Router Small Business RV016, RV042, RV042G e RV082 Routers
- Web Management Interface di IP Phone serie 7800 e 8800
- Industrial Network Director
- BroadWorks Application Delivery Platform e Xtended Services Platform
- Router RV340, RV340W, RV345 e RV345P
- Router Small Business RV160 e RV260
- TelePresence Collaboration Endpoint e RoomOS Software
- Network Services Orchestrator
- Webex Room Phone e Cisco Webex Share
- CX Cloud Agent
- Unified Intelligence Center
- BroadWorks Application Delivery Platform
Mitigation actions
In line with the vendor’s statements, it is recommended to apply the available mitigations following the indications reported in the security bulletins reported in the References section.
As indicated by the vendor, only the indicators detected by external researchers with severity “high” and “critical” are reported.
| CVE | |
|---|---|
| CVE-2023-20018 | CVE-2023-20038 |
| CVE-2023-20020 | CVE-2023-20118 |
| CVE-2023-20025 | |
| CVE-2023-20026 | |
| CVE-2023-20037 |
References
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
