Cisco patches critical vulnerabilities in SME routers – Networking – Security – Software
Buyers of Cisco’s RV sequence of little to medium-sized business routers are recommended to patch their devices urgently to correct a number of significant vulnerabilities.
The vulnerabitilies make it possible for attackers to operate arbitrary code and commands on the routers, as effectively bypass person authentication and cause denial-of-services scenarios.
Attackers can also elevate person privileges and fetch and run unsigned software by exploiting the vulnerabilities, Cisco said.
Cisco has released patches for vital severity vulnerabilities affecting RV Collection Routers. Read more at https://t.co/CgL7mAccYo. #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) February 3, 2022
Three of the vulnerabilities are rated at the whole 10. on the Popular Vulnerabilities Scoring Procedure (CVSS).
Cisco stated the subsequent routers need to have patching:
- RV160 VPN
- RV160W Wireless-AC VPN
- RV260 VPN
- RV260P VPN routers with PoE
- RV260W Wireless-AC VPN
- RV340 Dual WAN Gigabit VPN
- RV340W Twin WAN Gigabit Wireless-AC VPN
- RV345 Twin WAN Gigabit VPN
- RV345P Twin WAN Gigabit POE VPN
In addition, the RV340, RV340W, RV345 and RV345P equipment also have some of the vulnerabilities in Cisco’s stability advisory, and require patching.
No workarounds are available for the vulnerabilities, Cisco mentioned.