Author: Melodie Foster

Date: 5th February 2021

 

Patches have been rolled out by Cisco to fix multiple critical vulnerabilities in the web-based management interface of Small Business routers. The flaws could have potentially allowed an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.

These flaws have been given a CVSS score of 9.8 out of 10, making them critical. The impacted devices include RV160, RV160W, RV260, RV260P, and RV260W VPN routers that are running a firmware release earlier than 1.0.01.02.

Furthermore, patches have also been released for two other arbitrary file write flaws also affecting the same set of VPN routers listed above.

Cisco also released patches for bugs affecting RV016, RV042, RV042G, RV082, RV320, and RV325 routers which could have led to an attacker being able to inject arbitrary commands on the routers with root privileges. Finally, Cisco address 30 additional vulnerabilities also affecting the products just mentioned, which could have led to an attacker being able to execute arbitrary code and potentially cause a denial-of-service condition.

It is strongly recommended to upgrade your routers to the latest version to mitigate these risks[1].

[1] https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html

 

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >