Cisco Alerts on Unpatched Vulnerability in Obsolete Small Business Routers

April 5, 2024

Cisco has issued an advisory for an unpatched cross-site scripting (XSS) vulnerability, tracked as CVE-2024-20362, in the web-based management interface of its discontinued RV series small business routers. The flaw can be exploited remotely without authentication and affects the RV016, RV042, RV042G, RV082, RV320, and RV325 models. Because these routers have reached end of life (EoL), they no longer receive security updates and no fix will be released. Cisco says it is not aware of the vulnerability being exploited in the wild, but it has also noted that there are no workarounds and has urged users to migrate to a supported product.

The issue stems from insufficient validation of user-supplied input by the web-based management interface of the affected products. An attacker could exploit it by persuading a user of the interface to click a crafted link or visit a malicious webpage, which could result in arbitrary script executing in the context of the interface or in access to sensitive, browser-based information. Discontinued Cisco networking devices have been targeted in attacks before, which makes the absence of a fix more concerning.
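The following is an added example, not code from Cisco or from the affected routers: it shows the generic reflected-XSS pattern the advisory describes (a management page echoing an unvalidated query parameter) next to a hardened version that allow-lists the value, encodes it for the HTML context, and sends a Content-Security-Policy header. The handler shape, the `host` parameter, the page template, and the crafted link are all hypothetical and constructed for illustration.

```python
"""Reflected XSS in a web management page: vulnerable handler vs. hardened handler.

Added example, not Cisco code. The `render(params) -> (status, headers, body)` shape,
the `host` parameter and the page template are assumptions made for illustration.
"""
from __future__ import annotations

import re
from html import escape
from urllib.parse import parse_qs, urlparse

# Hypothetical management-page template; `{host}` is filled from the query string.
TEMPLATE = "<html><body><h1>Device status</h1><p>Host: {host}</p></body></html>"

# RFC 1123-style hostname: labels of letters/digits/hyphens, joined by dots.
_HOSTNAME_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def _is_hostname(value: str) -> bool:
    """Allow-list check: only accept values that look like a hostname."""
    return bool(_HOSTNAME_RE.fullmatch(value))


def render_vulnerable(params: dict) -> tuple[int, dict, str]:
    """Reflects the user-supplied value into HTML with no validation or encoding.

    Whatever the link carries, including a <script> element, becomes markup in the
    response, so the browser runs it with the management interface's origin.
    """
    host = params.get("host", [""])[0]
    body = TEMPLATE.format(host=host)
    return 200, {"Content-Type": "text/html"}, body


def render_hardened(params: dict) -> tuple[int, dict, str]:
    """Same page with three independent layers of defence.

    1. Allow-list validation: reject values that are not hostnames (do not try to
       strip tags; rejection is simpler and cannot be bypassed by encoding tricks).
    2. Contextual output encoding: html.escape() so the value can never close the
       <p> element or open a new one, even if validation is ever loosened.
    3. Content-Security-Policy: inline script is not allowed at all, so a reflected
       payload that slips past 1 and 2 still does not execute.
    """
    host = params.get("host", [""])[0]
    if not _is_hostname(host):
        host = ""  # reject rather than sanitize
    body = TEMPLATE.format(host=escape(host, quote=True))
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, body


def params_from_link(url: str) -> dict:
    """Parse the query string the victim's browser sends when it follows a link."""
    return parse_qs(urlparse(url).query, keep_blank_values=True)


def script_reflected(body: str) -> bool:
    """Crude detector: does a raw <script tag survive into the response body?"""
    return "<script" in body.lower()


# Constructed crafted link of the kind an attacker would send to an administrator;
# 192.0.2.1 is a documentation address and the payload is percent-encoded as a
# browser would send it.
CRAFTED_LINK = (
    "https://192.0.2.1/status?host="
    "%3Cscript%3Ealert(document.cookie)%3C/script%3E"
)

if __name__ == "__main__":
    params = params_from_link(CRAFTED_LINK)
    for name, handler in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        _, _, body = handler(params)
        print(f"{name:10s} script reflected: {script_reflected(body)}")
```

The allow-list is deliberately the first line of defence: for a field whose legitimate values are constrained (a hostname, an interface name, a VLAN ID), rejecting anything else is far more robust than trying to strip dangerous characters. Output encoding and CSP remain in place so that a future change to the validation rule does not silently reopen the hole.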

Alongside this, Cisco has released patches for several other vulnerabilities across its product range. Among them is a high-severity flaw in the Nexus Dashboard Fabric Controller (NDFC), tracked as CVE-2024-20348, that could allow an unauthenticated, remote attacker to read arbitrary files. The vulnerability stems from an unauthenticated provisioning web server that accepts direct requests from a remote attacker, who could use it to access sensitive files in the Plug and Play (PnP) container and potentially mount further attacks against the PnP infrastructure. The flaw affects NDFC release 12.1.3b in its default configuration; releases 12.1.2 and earlier, as well as release 12.2.1, are not affected.

In addition, Cisco has released patches for several medium-severity vulnerabilities in various other products including the TelePresence Management Suite, Nexus Dashboard, Nexus Dashboard Orchestrator, Identity Services Engine (ISE), Enterprise Chat and Email, Unified Communications Manager IM & Presence Service, and Emergency Responder. The company has stated that it is not aware of any of these vulnerabilities being actively exploited. More information can be found on Cisco’s security advisories page.
