1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • More Cisco SMB router ranges have serious security flaws

    From TechnologyDaily@1337:1/100 to All on Fri Aug 5 15:30:03 2022
    More Cisco SMB router ranges have serious security flaws

    Date:
    Fri, 05 Aug 2022 14:20:05 +0000

    Description:
    Three flaws, one with a severity score of 9.8, found in four series of Cisco SMB routers.

    FULL STORY ======================================================================

    Cisco has announced fixes for three major vulnerabilities found in four different series of its SMB routers .

    The flaws, should they be exploited, would have allowed threat actors to launch code remotely, or trigger denial of service attacks.

    Those that are unable to patch immediately are out of luck - there are no workarounds for these flaws, and the only way to mitigate the threat is to apply the fixes. High-severity flaws galore

    In Ciscos security advisory , the company said its Small Business RV160, RV260, RV340, and RV345 Series Routers were affected.

    The flaws include CVE-2022-20827, a web filter database update command injection vulnerability with a severity score of 9.0.

    This vulnerability is due to insufficient input validation, Cisco explains.
    An attacker could exploit this vulnerability by submitting crafted input to the web filter database update feature. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

    The second flaw is tracked as CVE-2022-20841, an open plug and play command injection vulnerability with a severity score of 8.3. This one is also due to insufficient validation of user-supplied input, and a successful exploit
    could allow the attacker to run arbitrary commands on an underlying Linux OS.

    Finally, Cisco fixed CVE-2022-20842, a remote code execution and denial of service vulnerability with a severity score of 9.8. Read more

    Cisco will not patch serious security hole in its old VPN routers


    Cisco tells customers to upgrade VPN routers or risk attack


    Keep your home or small business secure with the best secure routers out
    there

    A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an
    unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition, the company explained.

    Cisco urged its users to patch immediately, especially due to the fact that the vulnerabilities are dependent on one another. Exploitation of one of the vulnerabilities may be required to exploit another vulnerability, the company said. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities. These are the best endpoint protection services out there



    ======================================================================
    Link to news story: https://www.techradar.com/news/more-cisco-smb-router-ranges-have-serious-secur ity-flaws/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)