5 Critical Vulnerabilities Found in Cisco, across 34 Vulnerabilities.
In July 2020, it is like a patch month. Many IT companies have patched their security vulnerabilities like Microsoft Tuesday patches many vulnerabilities, including SigRed, a 17-year-old critical bug used to hijack Microsoft Windows Server.
Also, Adobe, VMware, SAP, and Oracle have released security patches this month.
Now turns Cisco, The vulnerabilities included SQL injections, cross-site scripting, Bypass filter, denial of service, major information leaks have found and patched.
5 Following CISCO critical vulnerabilities are as follows.
CVE-2020-3330
Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability
A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account.
The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device.
CVE-2020-3323 and CVE-2020-3144
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.
Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user.
Cisco Prime License Manager Privilege Escalation Vulnerability
A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability.
All users recommended to update it. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerability.
Check Full Cisco Security advisory here.
