Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices.
The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated, remote attacker to execute arbitrary code on an affected appliance.
"A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device," Cisco said in its advisory.
"The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process," the firm said.
"Customers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers."
Separately, Cisco has also released software updates to address multiple vulnerabilities in Cisco SD-WAN vManage Software that could permit an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-08 | CVE-2021-1459 | Improper Input Validation vulnerability in Cisco products. A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. | 9.8 |