Cisco routers suffer from multiple maximum severity security bugs

Four routers have three bugs rated 10/10 for severity

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Five critical vulnerabilities have been discovered affecting four widely-used families of Ciscorouters. Three of the five have a 10/10 rating on the Common Vulnerability Scoring System, meaning they could be heavily exploited for the most damaging of activities.

The Registerclaims Cisco itself revealed the critical bugs, issuing patches for only two router families, while the fixes for the other two are still pending. Dates when the remaining fixes might be available were unknown at press time.

The routers that are affected by the flaws are usually used bysmall businesses, and include the RV160, RV260, RV340, and RV345 mdels.

Elevation of privileges

Among the possibilities for malicious actors exploiting these flaws are arbitrary code and command execution, elevation of privileges, running unsigned software, circumventing authentication, and assimilating the devices into a botnet for Distributed Denial of Service (DDoS) attacks.

The discovered vulnerabilities include:

CVE-2022-20699

CVE-2022-20700

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

CVE-2022-20701

CVE-2022-20702

CVE-2022-20708

So far, RV340 and RV345 have been patched, while RV160 and RV260 are yet to get their code.

Cisco will not patch serious security hole in its old VPN routers>Cisco fixes major security flaw affecting VPN routers>Cisco says it’s fixed flaw affecting multiple small business VPN routers

To make matters even worse, Cisco said that a proof-of-concept exploit code is already available for some of the disclosed vulnerabilities. This is particularly worrying as many small businesses don’t have their own tech support, meaning these routers could go for months, years even, without being patched.

Following the news, cybersecurity experts from Tenable took to Shodan to scan the internet for vulnerable routers and found more than 8,000 affected devices. The good news is that so far, an exploit is yet to pop up on a public repository.

Cisco also said that there are no workarounds for these issues, and that installing the patch will be the only way to protect the device, and the network it powers, from malicious actors.

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time