Security News > 2022 > February > Cisco fixes critical bugs in SMB routers, exploits available
Cisco has released patches for multiple vulnerabilities in the Small Business RV Series router platform that could allow remote attackers to gain complete control over the device, in many cases, without authentication.
In total, there are fifteen vulnerabilities fixed by these security updates, with five of them rated as Critical as threat actors can use them to gain 'root' privileges or remotely execute commands on the device.
"Some of the vulnerabilities are dependent on one another. Exploitation of one of the vulnerabilities may be required to exploit another vulnerability," explains the Cisco advisory.
Even if your product isn't affected by any critical vulnerabilities, there's always a chance that threat actors will chain several less severe flaws to achieve high-impact attacks.
"The Cisco"Product Security Incident Response Team states that they are aware of proof-of-concept exploit code available for several of the vulnerabilities fixed in these updates.
It is unknown what PoC exploits are available for the other vulnerabilities, however once security updates are released, these PoCs tend to become publicly fairly quickly.
News URL
Related news
- DrayTek fixed critical flaws in over 700,000 exposed routers (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)