We previously wrote about two critical vulnerabilities that Cisco does not want to eliminate Cisco. We are talking about vulnerabilities CVE-2023-20025 and CVE-2023-2002. By uniting them, attackers can bypass authentication and perform arbitrary commands in the basic operating system of the Cisco Small Business RV016, RV042, RV042G and RV082.
.
Cisco evaluated CVE-2023-20025 as critical and stated that her response group to incidents related to product safety (PSIRT), aware of POC exploits are usually classified and called by: type of vulnerability that they use; whether they are local or remote; as well as the result of the start of exploit (for example, EOP, DOS, Spulting). One of the schemes offering explosion of zero day is Exploit-A-A-Service.