PatchSiren cyber security CVE debrief
CVE-2023-20118 Cisco CVE debrief
CVE-2023-20118 is a Cisco Small Business RV Series Routers command injection vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2025-03-03. KEV inclusion means CISA has confirmed known exploitation and set a remediation due date of 2025-03-24. The supplied source metadata does not provide a CVSS score, so prioritization here is driven by KEV status and the affected product class rather than a numeric severity rating.
- Vendor
- Cisco
- Product
- Small Business RV Series Routers
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2025-03-03
- Original CVE updated
- 2025-03-03
- Advisory published
- 2025-03-03
- Advisory updated
- 2025-03-03
Who should care
Security teams, network administrators, and incident responders responsible for Cisco Small Business RV Series Routers should treat this as urgent. Organizations that cannot quickly apply vendor mitigations should plan for product discontinuation per CISA guidance if no effective mitigation is available.
Technical summary
The supplied CISA KEV metadata identifies the issue as a command injection vulnerability in Cisco Small Business RV Series Routers. The KEV record lists the product as actively exploited, with known ransomware campaign use marked as Unknown. CISA’s required action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Defensive priority
Urgent
Recommended defensive actions
- Confirm whether any Cisco Small Business RV Series Routers are in use, including edge, branch, and remote-office deployments.
- Review Cisco’s vendor mitigation guidance referenced by the CISA KEV entry and apply it as soon as possible.
- Prioritize remediation before the CISA due date of 2025-03-24 for KEV-listed vulnerabilities.
- If effective mitigations are unavailable, follow CISA guidance to discontinue use of the product.
- Validate exposure status, then monitor for anomalous router behavior and unauthorized configuration changes.
- Use the official CVE, NVD, and CISA KEV records to coordinate patching and internal tracking.
Evidence notes
All substantive facts in this debrief come from the supplied CISA KEV source item metadata and the official record links provided in the prompt. The source metadata identifies the vendor as Cisco, the product as Small Business RV Series Routers, the vulnerability as a command injection issue, the KEV dateAdded as 2025-03-03, the dueDate as 2025-03-24, and knownRansomwareCampaignUse as Unknown. The source metadata also references an official Cisco advisory and NVD entry, but no additional claims were made beyond the supplied metadata.
Official resources
-
CVE-2023-20118 CVE record
CVE.org
-
CVE-2023-20118 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
-
Source item URL
cisa_kev
This debrief is limited to the supplied source corpus and official links. It intentionally avoids exploit instructions, weaponized reproduction, and unsupported technical claims.