Cisco Patches Critical Vulnerabilities in Small Business Routers, SD-WAN
Cisco this week released software updates to address multiple vulnerabilities across its product portfolio, including critical severity bugs in several small business VPN routers and SD-WAN products.
The company warned that the web-based management interface of small business RV160, RV160W, RV260, RV260P, and RV260W VPN routers is affected by seven severe vulnerabilities that could be abused by unauthenticated, remote attackers to execute arbitrary code as root.
The Cisco RV016, RV042, RV042G, and RV082 routers won't receive patches, because they have already reached end-of-life status.
Other high-risk vulnerabilities that Cisco patched this week affect IOS XR software: one denial-of-service flaw in the IPv6 protocol handling and two in the ingress packet processing function, plus two image verification bugs and one privilege escalation flaw that affect IOS XR software for the Cisco 8000 series routers and Network Convergence System 540 series routers.
Cisco also released patches for medium severity flaws in Webex, Unified Computing System, IOS XR Software, Managed Services Accelerator, and DNA Center, and announced that it would release software updates to fix multiple bugs in the DNS forwarder implementation of dnsmasq.
Further information on the vulnerabilities Cisco has addressed in its products this week can be found on the company's security portal.