Security News > 2021 > February > Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers.
The flaws exist in the web-based management interface of Cisco's small-business lineup of VPN routers.
On Wednesday, Cisco also warned of two high-severity flaws across this same set of small-business VPN routers.
These flaws are also fixed by firmware Release 1.0.01.02; The networking giant said that it's not aware of any exploits in the wild of the critical flaws for any of these flaws.
Cisco on Wednesday pushed out a flurry of patches addressing high-severity vulnerabilities beyond its VPN small-business routers.
Finally, Cisco patched various high-severity flaws affecting its IOS XR software, a train of Cisco Systems' widely deployed Internetworking Operating System.
News URL
https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/
Related news
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)