1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Cisco routers suffer from multiple maximum severity security bugs

    From TechnologyDaily@1337:1/100 to All on Mon Feb 7 13:00:04 2022
    Cisco routers suffer from multiple maximum severity security bugs

    Date:
    Mon, 07 Feb 2022 12:48:41 +0000

    Description:
    Cisco says the only way to fix the issue is to patch the routers immediately.

    FULL STORY ======================================================================

    Five critical vulnerabilities have been discovered affecting four widely-used families of Cisco routers . Three of the five have a 10/10 rating on the Common Vulnerability Scoring System, meaning they could be heavily exploited for the most damaging of activities.

    The Register claims Cisco itself revealed the critical bugs, issuing patches for only two router families, while the fixes for the other two are still pending. Dates when the remaining fixes might be available were unknown at press time.

    The routers that are affected by the flaws are usually used by small businesses , and include the RV160, RV260, RV340, and RV345 mdels. Elevation of privileges

    Among the possibilities for malicious actors exploiting these flaws are arbitrary code and command execution, elevation of privileges, running unsigned software, circumventing authentication, and assimilating the devices into a botnet for Distributed Denial of Service (DDoS) attacks.

    The discovered vulnerabilities include:

    CVE-2022-20699

    CVE-2022-20700

    CVE-2022-20701

    CVE-2022-20702

    CVE-2022-20708

    So far, RV340 and RV345 have been patched, while RV160 and RV260 are yet to get their code. Read more

    Cisco will not patch serious security hole in its old VPN routers



    Cisco fixes major security flaw affecting VPN routers



    Cisco says it's fixed flaw affecting multiple small business VPN routers

    To make matters even worse, Cisco said that a proof-of-concept exploit code
    is already available for some of the disclosed vulnerabilities. This is particularly worrying as many small businesses dont have their own tech support, meaning these routers could go for months, years even, without being patched.

    Following the news, cybersecurity experts from Tenable took to Shodan to scan the internet for vulnerable routers and found more than 8,000 affected devices. The good news is that so far, an exploit is yet to pop up on a
    public repository.

    Cisco also said that there are no workarounds for these issues, and that installing the patch will be the only way to protect the device, and the network it powers, from malicious actors. You might also want to check out
    our list of the best powerline adapters available now

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/cisco-routers-suffer-from-multiple-maximum-seve rity-security-bugs/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)