Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices.
The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10 and affects the RV110W VPN firewall and the Small Business RV130, RV130W, and RV215W routers. It allows an unauthenticated, remote attacker to execute arbitrary code on an affected appliance.
"A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device," Cisco said in its advisory.
"The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process," the firm said.
"Customers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers."
Separately, Cisco has also released software updates to address multiple vulnerabilities in Cisco SD-WAN vManage Software that could permit an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-08 | CVE-2021-1459 | Improper Input Validation vulnerability in Cisco products. A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. | 9.8 |