Cisco Released Patches For IOS XE Software But Two Routers Still Unpatched

Cisco released a security update with 27 patches, 15 of which address critical vulnerabilities.

Cisco also patched security vulnerabilities in Internetworking Operating System (IOS) XE software, which runs on Cisco networking gear such as its switches, routers and controllers.

But two routers are still unpatched.

Incomplete Patch

Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability

The impact of this vulnerability is rated High, and its patch is still incomplete.

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

Also Read- Both routers were first patched in January

The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.

The initial fix for this vulnerability was found to be incomplete. Cisco is currently working on a complete fix.

The Following Vulnerabilities Have Been Patched

Cisco IOS XE Software Information Disclosure Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information.

The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information.

Cisco IOS Software NAT64 Denial of Service Vulnerability

A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload.

The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent through the device. An attacker could exploit this vulnerability by sending specific IPv4 packet streams through the device. An exploit could allow the attacker to either cause an interface queue wedge or a device reload, resulting in a denial of service (DoS) condition.

Cisco IOS XE Software Arbitrary File Upload Vulnerability

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device.

The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device.
