Security News > 2021 > August > Cisco fixes critical, high severity pre-auth flaws in VPN routers

Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices.
Luckily, as the company explains, the remote management feature is disabled by default on all affected VPN router models.
"The web-based management interface for these devices is available through local LAN connections by default and cannot be disabled there," Cisco says.
In August 2020, Cisco warned of actively exploited zero-day bugs in carrier-grade IOS XR routers with multicast routing enabled.
One month later, in October 2020, Cisco again warned of attacks actively targeting a separate high severity vulnerability impacting the IOS XR Network OS deployed on the same router models.
In July 2020, Cisco fixed another actively exploited ASA/FTD firewall bug and a pre-auth critical remote code execution flaw that could lead to full device takeover on vulnerable devices.
News URL
Related news
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Juniper patches critical auth bypass in Session Smart routers (source)
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)