Critical Cisco Bugs Open VPN Routers to Cyberattacks

The company’s RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.

Critical security vulnerabilities in Cisco’s Small Business RV Series routers could allow privilege escalation, remote code execution (RCE) with root privileges on the devices and more.

The RV series is a set of affordable VPN appliances that enable remote workers to connect to a company network. They come with built-in firewalls, advanced encryption and authentication features.

The critical bugs are part of 15 total vulnerabilities affecting the RV product line that Cisco disclosed this week. Some of the issues are exploitable on their own, while others must be chained together, the networking giant said – but they all could lead to a concerning cornucopia of bad outcomes.

According to Cisco’s Wednesday advisory, attackers could exploit the bugs (which variously affect the RV160, RV260, RV340 and RV345 appliances) to do the following:

Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS)

Cisco also said that proof-of-concept exploits are available for “several

Read More: https://threatpost.com/critical-cisco-bugs-vpn-routers-cyberattacks/178199/