Critical Cisco Bug in Small Business Routers to Remain Unpatched

2021-08-19 20:34

A critical security vulnerability in Cisco Small Business Routers allows remote code execution and denial of service.

The bug is one of six addressed by Cisco this week; it also issued an advisory for the critical BlackBerry QNX-2021-001 vulnerability unveiled earlier this week, which affects multiple vendors, well beyond Cisco.

The critical router issue, which carries a base CVSS score of 9.8 out of 10, affects the hardware's Universal Plug-and-Play service, Cisco said.

The first bug could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device to execute a command-and-control attack on a compromised host and perform and exfiltrate data from a compromised host.

The advisory is an interim one, and Cisco said it was still investigating which product versions are affected.

The spam-quarantine-related vulnerability affects Cisco Secure Email and Web Manager releases earlier than Release 14.1.

News URL

https://threatpost.com/critical-cisco-bug-routers-unpatched/168831/

#cisco #critical #router

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4453	231	3070	1826	613	5740