Security News > 2021 > February > Cisco Patches Critical Vulnerabilities in Small Business Routers, SD-WAN
Cisco this week released software updates to address multiple vulnerabilities across its product portfolio, including critical severity bugs in several small business VPN routers and SD-WAN products.
The company warned that the web-based management interface of small business RV160, RV160W, RV260, RV260P, and RV260W VPN routers is affected by seven severe vulnerabilities that could be abused by unauthenticated, remote attackers to execute arbitrary code as root.
The Cisco RV016, RV042, RV042G, and RV082 routers won't receive patches, because they have already reached end-of-life status.
Other high risk vulnerabilities that Cisco patched this week affect IOS XR software: one denial of service in the IPv6 protocol handling and two in the ingress packet processing function of IOS XR software, and two image verification bugs and one privilege escalation that affect IOS XR software for the Cisco 8000 series routers and Network Convergence System 540 series routers.
Cisco also released patches for medium severity flaws in Webex, Unified Computing System, IOS XR Software, Managed Services Accelerator, and DNA Center, and announced that it would release software updates to fix multiple bugs in the DNS forwarder implementation of dnsmasq.
Further information on the vulnerabilities Cisco has addressed in its products this week can be found on the company's security portal.
News URL
Related news
- DrayTek fixed critical flaws in over 700,000 exposed routers (source)
- Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Exploited: Cisco, SharePoint, Chrome vulnerabilities (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)