430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco fixes 5 critical flaws that could allow router firewall takeover

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely […]

Cisco Catalyst

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover.

Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely takeover the network devices.

Cisco also addressed a privilege escalation issue that impacts the Cisco Prime License Manager software.

The five vulnerabilities have been labeled as critical and rated 9.8 out of 10 CVSS base score, below the list of the issues fixed by Cisco.

VulnerabilityCVE-ID
Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential VulnerabilityCVE-2020-3330
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution VulnerabilityCVE-2020-3323
Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass VulnerabilityCVE-2020-3144
Cisco RV110W and RV215W Series Routers Arbitrary Code Execution VulnerabilityCVE-2020-3331
Cisco Prime License Manager Privilege Escalation VulnerabilityCVE-2020-3140

The Cisco Product Security Incident Response Team (PSIRT) confirmed that it is not aware of any public announcements or malicious use of the above vulnerabilities.

The tech giant confirmed that there are no workarounds that fix these vulnerabilities.

The company acknowledged the external security researchers Larryxi of XDSEC, Gyengtak Kim, Jeongun Baek, and Sanghyuk Lee of GeekPwn, Quentin Kaiser, and Adam Engle of AdventHealth for the flaws.

Cisco released security updates to address other 22 high and medium severity security vulnerabilities impacting several routers, WebEx, Cisco SD-WAN Solution Software versions and other software.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)

[adrotate banner=”5″]

[adrotate banner=”13″]