Cisco inferno: Networking giant reveals three 10/10 rated critical router bugs – The Register

Cisco has revealed five critical bugs, three of them rated 10/10 on the Common Vulnerability Scoring System, that impact four of its router families aimed at small businesses. And it only has patches available for two of the affected ranges.

The flaws impact the RV160, RV260, RV340 and RV345 products, all of which can be abused with:

If that's not enough to worry about, the boxes can also be made to create DDoS attacks.

The three 10/10-rated flaws are:

Cisco's advisory lists 15 CVEs, another two of which are rated critical: the 9.3/10 CVE-2022-20703 and the 9/10 CVE-2022-20701.

Six of the other vulns have a High rating, meaning they've scored between 7.0 and 8.9 on the CVSS.

Cisco has updated software for the RV340 and RV345 series, but the RV160 and RV260 eagerly await their patches. The networking giant hasn't advised when that code will debut.

That lack of patches is scary, because Cisco admits it's aware that proof-of-concept exploit code is available for several of the vulnerabilities it has disclosed. Perhaps scarier still, given that small businesses often go without tech support, many customers may never be notified that these flaws exist, and may lack the skills to update a router.

On February 2, security firm Tenable ran a Shodan scan looking for the imperiled routers and found "at least 8,400 publicly accessible RV34X devices." Thankfully, the firm says it can't find any exploits for the devices on public repositories.

There's every chance that situation will quickly change for the worse.

Being asked to do ad hoc tech support for friends and family is never fun. Might this triple dose of perfectly critical trouble be the moment to offer counsel?
