[German]Customers of Network supplier Cisco and its customers are currently at risk. Cisco has published a security notice regarding its small business routers (SMB) on February 2, 2022, which is quite something. There are several security holes in their firmware, three of which CVEs have been classified as critical with an index of 10/10. It probably affects Cisco small business routers of the RV160, RV260, RV340 and RV345 series.
Advertising
Cisco lists the details of the vulnerabilities for the RV160, RV260, RV340 and RV345 series small business routers in this security alert:
- Execute arbitrary code
- Elevate privileges
- Execute arbitrary commands
- Bypass authentication and authorization protections
- Fetch and run unsigned software
- Cause denial of service (DoS)
Cisco has released software updates that address these vulnerabilities. Vulnerabilities CVE-2022-20700, CVE-2022-20702, CVE-2022-20703, CVE-2022-20704, CVE-2022-20705, and CVE-2022-20706 affect the following Cisco products:
- RV160 VPN Routers
- RV160W Wireless-AC VPN Routers
- RV260 VPN Routers
- RV260P VPN Routers with PoE
- RV260W Wireless-AC VPN Routers
- RV340 Dual WAN Gigabit VPN Routers
- RV340W Dual WAN Gigabit Wireless-AC VPN Routers
- RV345 Dual WAN Gigabit VPN Routers
- RV345P Dual WAN Gigabit POE VPN Routers
Vulnerabilities CVE-2022-20699, CVE-2022-20701, CVE-2022-20707, CVE-2022-20708, CVE-2022-20709, CVE-2022-20710, CVE-2022-20711, CVE-2022-20712 and CVE-2022-20749 affect only the following Cisco products:
- RV340 Dual WAN Gigabit VPN Routers
- RV340W Dual WAN Gigabit Wireless-AC VPN Routers
- RV345 Dual WAN Gigabit VPN Routers
- RV345P Dual WAN Gigabit POE VPN Routers
There are no workarounds to address these vulnerabilities. CVE-2022-20699, CVE-2022-20700 and CVE-2022-20708 have a CVSS base score of 10.0. Cisco has published the details of the respective vulnerabilities as well as software updates for various devices. Those who have such devices in use should take care of firmware updates as soon as possible.
Advertising
