Security News > 2020 > July > Cisco patches critical flaws in VPN routers and firewalls
Cisco has fixed 33 CVE-numbered flaws in a variety of its devices, including five critical ones affecting RV-series VPN routers and firewalls and Cisco Prime License Manager, which is used by enterprises to manage user-based licensing.
Cisco Small Business RV110W Wireless-N VPN Firewalls with firmware releases prior to v1.2.2.8 can be taken over by attackers via a system account has a default and static password.
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers are plagued by a vulnerable web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The RV110W Wireless-N VPN Firewalls and RV215W Wireless-N VPN Routers also have a hole that could be exploited by sending crafted requests to a targeted device and could allow the attacker to execute arbitrary code with the privileges of the root user.
Admins in charge of keeping Cisco Unified Communications Manager Software, Cisco Unified CM Session Management Edition Software, and Cisco Unity Connection Software up-to-date should also see whether they need to implement this update, since Cisco PLM can be installed as part of that software.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/qLQH9_DI4Hs/
Related news
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)
- D-Link urges users to retire VPN routers impacted by unfixed RCE flaw (source)
- D-Link tells users to trash old VPN routers over bug too dangerous to identify (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- QNAP addresses critical flaws across NAS, router software (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)