Wilson's Media

A Tech & Gaming Blog

Cisco routers suffer from multiple maximum severity security bugs

Audio player loading…

Five critical vulnerabilities have been discovered affecting four widely-used families of Cisco routers. Three of the five have a 10/10 rating on the Common Vulnerability Scoring System, meaning they could be heavily exploited for the most damaging of activities.

The Register claims Cisco itself revealed the critical bugs, issuing patches for only two router families, while the fixes for the other two are still pending. Dates when the remaining fixes might be available were unknown at press time. 

The routers that are affected by the flaws are usually used by small businesses, and include the RV160, RV260, RV340, and RV345 mdels. 

Elevation of privileges

Among the possibilities for malicious actors exploiting these flaws are arbitrary code and command execution, elevation of privileges, running unsigned software, circumventing authentication, and assimilating the devices into a botnet for Distributed Denial of Service (DDoS) attacks.  

The discovered vulnerabilities include:

CVE-2022-20699 

CVE-2022-20700 

CVE-2022-20701 

CVE-2022-20702 

CVE-2022-20708 

So far, RV340 and RV345 have been patched, while RV160 and RV260 are yet to get their code. 

To make matters even worse, Cisco said that a proof-of-concept exploit code is already available for some of the disclosed vulnerabilities. This is particularly worrying as many small businesses don’t have their own tech support, meaning these routers could go for months, years even, without being patched. 

Following the news, cybersecurity experts from Tenable took to Shodan to scan the internet for vulnerable routers and found more than 8,000 affected devices. The good news is that so far, an exploit is yet to pop up on a public repository. 

Cisco also said that there are no workarounds for these issues, and that installing the patch will be the only way to protect the device, and the network it powers, from malicious actors. 

 Via: The Register


Source

Audio player loading… Five critical vulnerabilities have been discovered affecting four widely-used families of Cisco routers. Three of the five have a 10/10 rating on the Common Vulnerability Scoring System, meaning they could be heavily exploited for the most damaging of activities. The Register claims Cisco itself revealed the critical…

Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives