25.03.2021 Cisco Products Affected by Multiple Flaws

by Elena Lapina

CISCO published a firmware release 1.0.01.02 fixing multiple vulnerabilities in its Small Business VPN routers.


Details

  • CISCO fixed multiple vulnerabilities in its Small Business RV-series routers, as well as some in itsĀ  Internetworking Operating System (IOS) XR software.
  • The most critical of these flaws affect the Cisco RV160, RV160W, RV260, RV260P, and RV260W VPN routers with firmware release earlier than 1.0.01.02. They could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.
  • Note, some of the older CISCO VPN routers won’t have an update available, as they are no longer supported.

 

Why it’s important

  • CISCO is not aware of any attempts to abuse these flaws for malicious purposes, but as the details are now public, exploitation by malicious actors may be on a way.
  • We recommend reviewing the list of products affected and applying updates using guidance in the References section below.

 

References:

CISCO, ThreatPost, ZDNet

 

Request Demo

Fill out the form and we will send you details about our demo.

COVID-19 – A message from our Chief Operating Officer