Security News > 2021 > August > Critical Cisco Bug in Small Business Routers to Remain Unpatched
A critical security vulnerability in Cisco Small Business Routers allows remote code execution and denial of service.
The bug is one of six addressed by Cisco this week; it also issued an advisory for the critical BlackBerry QNX-2021-001 vulnerability unveiled earlier this week, which affects multiple vendors, well beyond Cisco.
The critical router issue, which carries a base CVSS score of 9.8 out of 10, affects the hardware's Universal Plug-and-Play service, Cisco said.
The first bug could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device to execute a command-and-control attack on a compromised host and perform and exfiltrate data from a compromised host.
The advisory is an interim one, and Cisco said it was still investigating which product versions are affected.
The spam-quarantine-related vulnerability affects Cisco Secure Email and Web Manager releases earlier than Release 14.1.
News URL
https://threatpost.com/critical-cisco-bug-routers-unpatched/168831/
Related news
- DrayTek fixed critical flaws in over 700,000 exposed routers (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)