Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN
Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers.
Cisco said its Product Security Incident Response Team has seen neither public disclosures about the vulnerability nor evidence that any cybercriminal has exploited the flaw.
Two of the vulnerabilities Cisco has patched carried severity ratings of "High."
"If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial of service condition," Cisco wrote in its advisory.
Another high-severity vulnerability that Cisco patched affected the binding configuration of Cisco Software-Defined WAN containers. It could enable an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on vulnerable systems.
PSIRT said it found no announcements or exploitation of either flaw, though the unit knows that proof-of-concept exploit code is available to cybercriminals for the one in Nvidia's MLNX DPDK. In addition, Cisco issued a patch for a vulnerability in the Webex App that could allow an unauthenticated remote attacker to modify links or other content in the messaging interface, which could lead to phishing or spoofing attacks.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/09/08/cisco_routers_vulnerability/