![]() ![]() While some of the high-severity issues can be exploited remotely without authentication, several of the flaws require authentication and/or access to the targeted system or network. These flaws can be exploited to obtain sensitive files from the targeted system, launch DoS attacks, and execute arbitrary code or commands. An attacker who has a valid username can obtain admin privileges on the system.Ĭisco also informed customers this week about the availability of patches for high-severity vulnerabilities affecting its SD-WAN solutions and some small business routers. Patches have also been released for a critical privilege escalation vulnerability affecting Cisco’s Prime License Manager (PLM) software. The impacted routers and firewalls are no longer being sold by Cisco, but apparently they have yet to reach end of support so the company has still patched them. A remote attacker can exploit it without authentication to execute arbitrary code with root privileges by sending the targeted device malicious requests. The last critical issue, CVE-2020-3331, impacts the RV110W Wireless-N VPN firewall and RV215W Wireless-N VPN router. RV110W Wireless-N VPN firewalls and RV130 VPN, RV130W Wireless-N Multifunction VPN, and RV215W Wireless-N VPN routers are affected. The third critical security hole fixed by the company this week in small business routers is CVE-2020-3144, which can be exploited to bypass authentication and execute arbitrary commands with admin privileges by sending malicious HTTP requests to the device. Exploitation does not require authentication. It allows a remote hacker to execute arbitrary code on the targeted device with root privileges by sending it a specially crafted HTTP request. One of the critical flaws, which is tracked as CVE-2020-3330 and has a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls and it allows a remote and unauthenticated attacker to take full control of a device by connecting to it using a default and static password.Īnother critical flaw, CVE-2020-3323, affects Small Business RV110W, RV130, RV130W, and RV215W routers. Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold. ![]()
0 Comments
Leave a Reply. |