Cisco published firmware release 1.0.01.02, fixing multiple vulnerabilities in its Small Business VPN routers.
- Cisco fixed multiple vulnerabilities in its Small Business RV-series routers, as well as some in its Internetworking Operating System (IOS) XR software.
- The most critical of these flaws affect the Cisco RV160, RV160W, RV260, RV260P, and RV260W VPN routers running firmware releases earlier than 1.0.01.02. They could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.
- Note that some of the older Cisco VPN routers won’t have an update available, as they are no longer supported.
Why it’s important
- Cisco is not aware of any attempts to abuse these flaws for malicious purposes, but because the details are now public, exploitation by malicious actors may be on the way.
- We recommend reviewing the list of products affected and applying updates using guidance in the References section below.