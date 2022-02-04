Cisco patches critical vulnerabilities in SME routers

By on
Cisco patches critical vulnerabilities in SME routers

Arbitrary code and command execution and other flaws fixed.

Users of Cisco's RV series of small to medium-sized business routers are advised to patch their equipment urgently to fix multiple critical vulnerabilities.

The vulnerabitilies allow attackers to run arbitrary code and commands on the routers, as well bypass user authentication and cause denial-of-service scenarios.

Attackers can also elevate user privileges and fetch and run unsigned software by exploiting the vulnerabilities, Cisco said.

Three of the vulnerabilities are rated at the full 10.0 on the Common Vulnerabilities Scoring System (CVSS).

Cisco said the following routers need patching:

  • RV160 VPN 
  • RV160W Wireless-AC VPN
  • RV260 VPN
  • RV260P VPN routers with PoE
  • RV260W Wireless-AC VPN
  • RV340 Dual WAN Gigabit VPN
  • RV340W Dual WAN Gigabit Wireless-AC VPN
  • RV345 Dual WAN Gigabit VPN
  • RV345P Dual WAN Gigabit POE VPN

In addition, the RV340, RV340W, RV345 and RV345P devices also contain some of the vulnerabilities in Cisco's security advisory, and need patching.

No workarounds are available for the vulnerabilities, Cisco said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco networking rv series security software

Sponsored Whitepapers

Fortinet Networking and Cybersecurity Adoption Index 2021
Fortinet Networking and Cybersecurity Adoption Index 2021
The 5 steps to effective data protection
The 5 steps to effective data protection
Understanding the next security control points: applications and workloads
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access

Events

Most Read Articles

Home Affairs says online account takeover powers now in use

Home Affairs says online account takeover powers now in use
Aussie Broadband presses for CVC-free 50Mbps NBN services

Aussie Broadband presses for CVC-free 50Mbps NBN services
Citrix Systems may be bought for $18.6 billion

Citrix Systems may be bought for $18.6 billion
Nvidia preparing to walk away from Arm acquisition

Nvidia preparing to walk away from Arm acquisition

Digital Nation

Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks
Highlights 2021: Automation drives marketing success but complexity torments delivery
Highlights 2021: Automation drives marketing success but complexity torments delivery
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking

Log In

Email:
Password:
  |  Forgot your password?