Buyers of Cisco’s RV sequence of little to medium-sized business routers are encouraged to patch their gear urgently to fix many crucial vulnerabilities.
The vulnerabitilies allow attackers to operate arbitrary code and instructions on the routers, as effectively bypass person authentication and lead to denial-of-company scenarios.
Attackers can also elevate person privileges and fetch and operate unsigned software program by exploiting the vulnerabilities, Cisco said.
Cisco has released patches for vital severity vulnerabilities influencing RV Series Routers. Read far more at https://t.co/CgL7mAccYo. #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) February 3, 2022
A few of the vulnerabilities are rated at the full 10. on the Popular Vulnerabilities Scoring Process (CVSS).
Cisco reported the following routers need patching:
- RV160 VPN
- RV160W Wi-fi-AC VPN
- RV260 VPN
- RV260P VPN routers with PoE
- RV260W Wi-fi-AC VPN
- RV340 Twin WAN Gigabit VPN
- RV340W Dual WAN Gigabit Wireless-AC VPN
- RV345 Dual WAN Gigabit VPN
- RV345P Dual WAN Gigabit POE VPN
In addition, the RV340, RV340W, RV345 and RV345P units also contain some of the vulnerabilities in Cisco’s protection advisory, and need patching.
No workarounds are obtainable for the vulnerabilities, Cisco explained.