Security News > 2021 > January > High-Severity Cisco Flaw Found in CMX Software For Retailers

Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers.

A high-severity flaw in Cisco's smart Wi-Fi solution for retailers could allow a remote attacker to alter the password of any account user on affected systems.

The most serious flaw afflicts Cisco Connected Mobile Experiences, a software solution that is utilized by retailers to provide business insights or on-site customer experience analytics.

This vulnerability affects Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2; the issue is patched in Cisco CMX releases 10.6.3 and later.

Of note, Cisco said it would not release software updates for the Cisco Small Business RV110W, RV130, RV130W and RV215W routers, as they have reached end of life.

"Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory," according to Cisco.

News URL

https://threatpost.com/cisco-flaw-cmx-software-retailers/163027/