CVE-2023-20118

Published Apr 13, 2023

Last updated 2 days ago

Exploit knownCVSS medium 6.5

Overview

Description
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability. However, administrators may disable the affected feature as described in the Workarounds ["#workarounds"] section. {{value}} ["%7b%7bvalue%7d%7d"])}]]
Source
psirt@cisco.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Cisco Small Business RV Series Routers Command Injection Vulnerability
Exploit added on
Mar 3, 2025
Exploit action due
Mar 24, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@cisco.com
CWE-77
nvd@nist.gov
CWE-77

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    11 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    10 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    10 Mar 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    9 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Cisco Small Business Routers Vulnerabilities (CVE-2023-20025 and CVE-2023-20026 and CVE-2023-20118) #Cisco #CiscoSmallBusinessRouter #CVE202320025 #CVE202320026 #CVE202320118 #CyberSecurity https://t.co/Bu3I1fbM1h https://t.co/tyFIYvwMOh

    @SystemTek_UK

    8 Mar 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    8 Mar 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    7 Mar 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Cybersecurity guy here. The NIST and federal government is hiding the fact that the entire internet is comprised. Chaining exploits has created a HUGE vulnerability CVE-2018-8639, CVE-2023-20118, CVE-2023-20025… don’t believe me? Look it up @elonmusk @teameffujoe @JackPosobiec

    @erickman1979

    7 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    7 Mar 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. CISAは、既知の悪用されている脆弱性カタログに新たに5つの脆弱性を追加したことを発表しました。 ・CVE-2023-20118 ・CVE-2022-43939 ・CVE-2022-43769 ・CVE-2018-8639 ・CVE-2024-4885 https://t.co/Exu8c4xTLv https://t.co/qxdw1Rse1y

    @t_nihonmatsu

    5 Mar 2025

    231 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    5 Mar 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-20118 #Cisco Small Business RV Series Routers Command Injection Vulnerability https://t.co/OCaeTIObA4

    @ScyScan

    4 Mar 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA has added five critical vulnerabilities to its KEV catalog, with CVE-2018-8639 and CVE-2023-20118 exploited in the wild. Concerns grow over the agency's slow response. ⚠️ #CISACatalog #WindowsExploits #USA link: https://t.co/WpuiarTsDL https://t.co/fWRD4EuwUT

    @TweetThreatNews

    4 Mar 2025

    115 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ⚠️ Vulnerability Alert: Cisco and Hitachi Vulnerabilities 📅 Timeline: Disclosure: 2025-03-03, Due Date: 2025-03-24 📌 Attribution: Cisco Security Team, Hitachi Security Research, and CISA advisories 🆔 cveId: CVE-2023-20118 📊 baseScore: 7.2 📏 cvssMetrics:… https://t.co/0JRS

    @syedaquib77

    4 Mar 2025

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CISA has identified vulnerabilities CVE-2023-20118 and CVE-2018-8639 in Cisco and Windows systems as actively exploited. CVE-2023-20118 allows command execution on specific VPN routers via an authentication bypass (CVE-2023-20025). https://t.co/q4hhOQPpoN

    @securityRSS

    4 Mar 2025

    51 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  16. ⚠️ Vulnerability Alert: Cisco Small Business Router Vulnerability 📅 Timeline: Disclosure: 2023-04-13, Due Date: 2025-03-24 📌 Attribution: 🆔cveId: CVE-2023-20118 📊baseScore: 6.5 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N cvssSeverity: Medium 🟡… https://t

    @syedaquib77

    4 Mar 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. ⚠️ Vulnerability Alert: Cisco and Windows Vulnerabilities 📅 Timeline: Disclosure: 2025-03-03 🆔cveId: CVE-2023-20118, CVE-2018-8639 📊baseScore: 7.2 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 🛠️exploitMaturity: Actively Exploited… htt

    @syedaquib77

    4 Mar 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    3 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. CISA has alerted US federal agencies to secure Cisco and Windows systems against actively exploited vulnerabilities. The flaws include CVE-2023-20118, allowing command execution on certain routers, and CVE-2018-8639, a Win32k elevation of privilege bug in Windows. #Security https

    @Strivehawk

    3 Mar 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. CISA alerts US federal agencies about actively exploited vulnerabilities in Cisco and Windows systems. Addressing CVE-2023-20118 & CVE-2018-8639 is crucial for security by March 23. ⚠️🇺🇸 #CISAAlert #CyberRisks #USSecurity link: https://t.co/EKe5YhvAfA https://t.co/oiCJ0mdy

    @TweetThreatNews

    3 Mar 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    2 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    1 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    28 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. PolarEdge: botnet IoT avanzata che sfrutta vulnerabilità nei router Sicurezza Informatica, attacchi TLS, botnet, cisco, CVE-2023-20118, cyber spionaggio, device, edge, IoT, malware, minacce, PolarEdge, router https://t.co/WEJMjNOkX6 https://t.co/KPEMQhGDSu

    @matricedigitale

    28 Feb 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨 PolarEdge botnet exploits CVE-2023-20118 in Cisco routers, hijacking ASUS, QNAP, & Synology devices. Global impact with advanced evasion tactics. #CyberSecurity #IoT #Botnet #Cisco #PolarEdge #NetworkSecurity #Infosec #TruBitX https://t.co/qmqfjcTex0

    @TruBitXOfficial

    27 Feb 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. برای روتر های سیسکو مدل Small Business آسیب پذیری با کد شناسایی CVE-2023-20118 و از نوع RCE منتشر شده هکرها با استفاده از این آسیب پذیری در قسمت احراز هویت پنل مدیریتی وب این نوع روتر ها می باشد می تواند کامند برروی روتر اجرانموده وبرای persistenceکردنwebshellنیز بارگزاری کنند. h

    @cybernetic_cy

    27 Feb 2025

    104 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. برای روتر های سیسکو مدل Small Business آسیب پذیری با کد شناسایی CVE-2023-20118 و از نوع RCE منتشر شده است. هکر می تواند کامند بر روی روتر اجرا نموده و برای persistence کردن webshell نیز بارگزاری کنند. https://t.co/Poz3aKYxT1 https://t.co/kbgfj1Orxo

    @AmirHossein_sec

    26 Feb 2025

    44 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  28. Over 2,000 IoT devices globally have fallen victim to the PolarEdge botnet, exploiting a Cisco router vulnerability (CVE-2023-20118) for remote access. An alarming trend in cybercrime! 🔒🌍 #Cisco #IoTThreats #France link: https://t.co/snJbRBsa96 https://t.co/zLywMIwT1l

    @TweetThreatNews

    26 Feb 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🔍 The PolarEdge botnet exposes vulnerabilities in Cisco routers, leveraging CVE-2023-20118 to execute remote commands and deploy web shells. Over 2,000 devices affected worldwide. 🌐 #Cisco #Botnet #USA link: https://t.co/BtdjAq2iK0 https://t.co/C41bRJFQSK

    @TweetThreatNews

    25 Feb 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

References