Security News

Cisco has published patches for critical vulns affecting the web management interface for some of its Small Business Dual WAN Gigabit routers - including a 9.8-rated nasty. The two vulnerabilities affect the RV340, RV345, RV340W, and RV345P products, which are aimed at SMEs and home office setups.

Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service condition. The issues, tracked as CVE-2021-1609 and CVE-2021-1610, reside in the web-based management interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers running a firmware release prior to version 1.0.03.22.

Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial-of-service condition or execute commands and arbitrary code on vulnerable devices. Luckily, as the company explains, the remote management feature is disabled by default on all affected VPN router models.

Cisco has addressed a vulnerability in the Firepower Device Manager On-Box software that could be exploited to gain code execution on vulnerable devices. FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics capabilities.

The Open Source Security Foundation, the cross-industry forum focused on improving open source software security, has expanded its member list with the addition of names such as Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft, Sonatype and Tidelift. With open source software becoming a central pillar of the application development lifecycle, ensuring the security of open source code is essential to securing modern software, regardless of whether it is used on end-user devices or in enterprise environments.

On Thursday, Cisco published two blog posts outlining its hybrid work strategy and company tech enabling distributed workforces. While the articles provide a specific glimpse into the strategy and approach for one tech titan, the underlying concepts of enabling remote and on-site teams are front and center for companies worldwide in the age of hybrid work.

Airtel launched connectivity solutions for enterprises based on Cisco Software Defined Wide Area Networking technology. The Airtel Intelligent VPN solution is an automated and centrally managed SD-WAN offering available to Airtel's large customer base across India.

Cisco's Talos threat intelligence and research unit has disclosed the details of several critical vulnerabilities affecting a router monitoring application made by Taiwan-based industrial and IoT solutions provider Advantech. The affected tool is R-SeeNet, which is designed to help network administrators monitor their Advantech routers.

Cisco on Thursday released patches for a high-severity vulnerability in the Adaptive Security Appliance and Firepower Threat Defense software, warning that exploitation could lead to crippling denial-of-service attacks. In an advisory that carries a 'high-severity' rating, Cisco said the software cryptography module of both ASA and FTD software is affected by a vulnerability exploitable by either a remote authenticated attacker or an unauthenticated attacker in a man-in-the-middle position.

Kloudspot announced it has partnered with Cisco Meraki to help organizations offer safer and smarter workspace experiences for customers and employees. The Kloudspot Platform and KloudVision combine real-time location intelligence and video analytics collected from the Cisco Meraki intuitive cloud-first platform to securely integrate unique safety features - such as occupancy monitoring for social distancing, automated triggers and PPE compliance monitoring.