Alongside Microsoft's Patch Tuesday and updates from other vendors, Cisco has also released fixes for numerous bugs. These include multiple critical vulnerabilities in Cisco VPN routers, in addition to high-severity and medium-severity bugs in other products.
Critical Vulnerabilities In VPN Routers
With the recent update bundle, Cisco has fixed numerous security flaws in VPN routers. These vulnerabilities, upon exploitation, could allow an unauthenticated remote attacker to execute code on the target device.
Among these, three of the bugs affected the web-based management interface of the routers. Specifically, CVE-2020-3331 affected RV110W Wireless-N VPN Firewall and RV215W Wireless-N VPN Router, CVE-2020-3323 affected the RV110W, RV130, RV130W, and RV215W Routers, and CVE-2020-3144 affected RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router.
Moreover, another vulnerability, CVE-2020-3330, affected the Telnet service of RV110W Wireless-N VPN Firewall routers.
All of these bugs received a critical severity rating with a CVSS score of 9.8. These bugs caught the attention of multiple security researchers, who then alerted Cisco.
Following their reports, the vendor released fixes for all these vulnerabilities. It also confirmed no active exploitation of the bugs.
Other Bug Fixes In Cisco Products
Besides the critical vulnerabilities in VPN routers, Cisco also patched another critical flaw in the Prime License Manager (PLM) Software. This vulnerability, CVE-2020-3140, also attained a CVSS score of 9.8.
The bug existed due to insufficient user input validation on the web management interface. Hence, an attacker could exploit the bug by sending malicious requests to the affected system to gain admin access.
Also, Cisco addressed numerous high-severity vulnerabilities in VPN routers, SD-WAN vManage and vEdge, Identity Services, email services, Webex Meetings, and other products.
Since the patches are out, users should make sure to update their respective devices to the latest software versions to avoid any mishaps.
Besides, Windows users must also update their systems with the latest Microsoft updates, which also carry the fix for the wormable SigRed flaw.
Let us know your thoughts in the comments.