Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” Proof-of-concept exploit code for CVE-2023-20025 and CVE-2023-20026 is available online, but there is currently no indication of any of these flaws being exploited by attackers. About the vulnerabilities CVE-2023-20025 is an authentication bypass vulnerability in the web-based management interface of Cisco … More →

The post …

attackers authentication authentication bypass business bypass cisco code concept critical cve cve-2023-20025 cve-2023-20026 devices don't miss end end-of-life end of support exploit exploit code exploited fix flaws life medium poc poc exploit process proof-of-concept router routers series severity vulnerabilities vulnerability