REDLEGG BLOG

Emergency Vulnerability Bulletin - 01/13/23

1/13/23 12:00 PM  |  by RedLegg Blog

About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.

RedLegg will include a brief description of the vulnerability, whether an active exploit or POC exists, and a link to an update, if one exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.

VULNERABILITIES

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Authentication Bypass Vulnerability

Identifier: CVE-2023-20025
Exploit or POC: Yes (Proof of Concept Exploit Code Available)
Update: Affected products have reached end-of-life (EoL). The vendor will not be releasing updates for the indicated vulnerability. See the Cisco Security Advisory for more information: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5#workarounds:~:text=Block%20Access%20to%20Ports%20443%20and%2060443

Description: CVE-2023-20025 allows for authentication bypass. Authentication is not required for successful exploitation. This vulnerability could allow an adversary to send a crafted HTTP request to the web-based management interface, thereby gaining root access on the underlying operating system.

Mitigation recommendation: The affected products have reached end-of-life. The vendor will not be releasing any updates for the indicated vulnerability. No workarounds are available.

RedLegg Action:  None at this time.

CentOS Web Panel 7 Unauthenticated Remote Code Execution Vulnerability

Identifier: CVE-2022-44877
Exploit or POC: Yes (Proof of Concept Exploit Code Available)

Update:  https://control-webpanel.com/changelog#1669855527714-450fb335-6194

Description: CVE-2022-44877 allows for remote code execution. Successful exploitation could allow an adversary to run arbitrary OS commands by placing shell metacharacters in the login parameter. Bash commands can be run because double quotes are used when logging incorrect entries to the system.

Mitigation recommendation: Patching is currently the only method of mitigation.  

RedLegg Action:  None at this time.
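
An added detection example for the CVE-2022-44877 description above (not RedLegg's or the vendor's code): it reviews web access log lines for login values that carry shell metacharacters, including double URL-encoded ones. Assumptions: combined log format, the login parameter appears in the query string of the request line, and the path /example-login, the addresses and the values in the sample lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Client address and request line of a combined-format access log entry.
REQUEST = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Characters a shell acts on. $ and backtick still expand inside double quotes;
# " and \ can end or escape the quoted string; the rest chain or redirect commands.
SHELL_META = re.compile(r'[$`"\\;|&<>\n]')

def flag_login(target):
    """Return the decoded login value if it carries shell metacharacters, else None."""
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if key != "login":
            continue
        # parse_qsl decodes once; decode again to catch double-encoded input.
        for candidate in (value, unquote(value)):
            if SHELL_META.search(candidate):
                return candidate
    return None

def scan(lines):
    """Return (client, decoded login value) for every log line that needs review."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m:
            value = flag_login(m.group("target"))
            if value is not None:
                hits.append((m.group("client"), value))
    return hits

# Constructed sample log lines (documentation IPs, placeholder path and values).
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Jan/2023:10:00:01 +0000] "POST /example-login?login=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Jan/2023:10:00:07 +0000] "POST /example-login?login=%24%28PLACEHOLDER%29 HTTP/1.1" 302 0',
    '198.51.100.7 - - [13/Jan/2023:10:00:09 +0000] "POST /example-login?login=%2524%2528PLACEHOLDER%2529 HTTP/1.1" 302 0',
    '203.0.113.5 - - [13/Jan/2023:10:00:12 +0000] "POST /example-login?login=bob%40example.com HTTP/1.1" 200 512',
    '203.0.113.5 - - [13/Jan/2023:10:00:15 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"review: {client} sent login={value!r}")
```

A hit means the request should be reviewed, not that exploitation succeeded; the character set may need tuning if legitimate usernames in your environment contain any of these characters.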

 
