Cisco patches critical remote code execution bugs in VPN routers
Vilius Petkauskas Updated on: 04 August 2022

Cisco released patches to mitigate vulnerabilities, some of which could allow remote code execution (RCE) attacks or cause a denial of service (DoS) condition on a device.

US tech giant Cisco released patches for critical vulnerabilities affecting its Small Business RV series routers. The flaws affect RV160, RV260, RV340, and RV345 series models and could allow unauthorized remote access.

According to Cisco’s advisory, the vulnerabilities depend on one another, meaning a potential attacker would have to chain several of the flaws together to carry out an attack successfully.

The first bug, tracked as CVE-2022-20842, stems from insufficient validation of user-supplied input to the web-based management interface.

“A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition,” Cisco’s advisory explained.

Another flaw, CVE-2022-20827, stems from insufficient input validation and allows attackers to perform command injection with root privileges. Threat actors could exploit the bug by submitting crafted input to the web filter database update feature.

The third bug Cisco outlined, CVE-2022-20841, comes from insufficient validation of user-supplied input. Attackers could exploit this by sending malicious input to an affected device.

“A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system,” the company said.

While there’s no indication that the vulnerabilities were exploited in the wild, Cisco advises customers to upgrade their device software. The affected models and the releases that fix them are specified in the company’s advisory.
