Security News > 2020 > July > Cisco patches critical flaws in VPN routers and firewalls

Cisco has fixed 33 CVE-numbered flaws in a variety of its devices, including five critical ones affecting RV-series VPN routers and firewalls and Cisco Prime License Manager, which is used by enterprises to manage user-based licensing.

Cisco Small Business RV110W Wireless-N VPN Firewalls with firmware releases prior to v1.2.2.8 can be taken over by attackers via a system account has a default and static password.

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers are plagued by a vulnerable web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

The RV110W Wireless-N VPN Firewalls and RV215W Wireless-N VPN Routers also have a hole that could be exploited by sending crafted requests to a targeted device and could allow the attacker to execute arbitrary code with the privileges of the root user.

Admins in charge of keeping Cisco Unified Communications Manager Software, Cisco Unified CM Session Management Edition Software, and Cisco Unity Connection Software up-to-date should also see whether they need to implement this update, since Cisco PLM can be installed as part of that software.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/qLQH9_DI4Hs/