Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely takeover the network devices.
Cisco also addressed a privilege escalation issue that impacts the Cisco Prime License Manager software.
The five vulnerabilities have been labeled as critical and rated 9.8 out of 10 CVSS base score, below the list of the issues fixed by Cisco.
|Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability||CVE-2020-3330|
|Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability||CVE-2020-3323|
|Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability||CVE-2020-3144|
|Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability||CVE-2020-3331|
|Cisco Prime License Manager Privilege Escalation Vulnerability||CVE-2020-3140|
The Cisco Product Security Incident Response Team (PSIRT) confirmed that it is not aware of any public announcements or malicious use of the above vulnerabilities.
The tech giant confirmed that there are no workarounds that fix these vulnerabilities.
The company acknowledged the external security researchers Larryxi of XDSEC, Gyengtak Kim, Jeongun Baek, and Sanghyuk Lee of GeekPwn, Quentin Kaiser, and Adam Engle of AdventHealth for the flaws.
Cisco released security updates to address other 22 high and medium severity security vulnerabilities impacting several routers, WebEx, Cisco SD-WAN Solution Software versions and other software.
(SecurityAffairs – hacking, Cisco)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.