Cisco Vulnerability in Discontinued Small Business Routers - 20240408002

Overview

Cisco has released a security advisory to address a Critical vulnerability in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers. Vulnerability could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.

What is vulnerable?

Product(s) Affected	CVE	Severity	CVSS
RV016 Multi-WAN VPN Routers RV042 Dual WAN VPN Routers RV042G Dual Gigabit WAN VPN Routers RV082 Dual WAN VPN Routers RV320 Dual Gigabit WAN VPN Routers RV325 Dual Gigabit WAN VPN Routers	CVE-2024-20362	Medium	6.1

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

Additional References

• Cisco RV Series Small Business Routers (cisco.com)
• Vulnerability in the web-based management interface of Cisco Small Business (tenable.com)