Security News > 2021 > August > Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play service of multiple small business VPN routers will not be patched because the devices have reached end-of-life.
"The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process."
According to an announcement on Cisco's website, the last day these RV Series routers were available for order was December 2, 2019.
The company asks customers who are still using these router models to migrate to newer Cisco Small Business RV132W, RV160, or RV160W Routers that still receive security updates.
The company also released a patch for another zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client VPN software six months after initial disclosure, even though it was aware of publicly available proof-of-concept exploit code.
Even though Cisco did not share the reason behind the delay, a fix was likely not a priority because there was no evidence of in the wild abuse and default configurations were not vulnerable to attacks.
News URL
Related news
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client (source)
- Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals (source)
- Cisco warns of password-spraying attacks targeting VPN services (source)
- New Ivanti RCE flaw may impact 16,000 exposed VPN gateways (source)
- Cisco warns of large-scale brute-force attacks against VPN services (source)