RCE vulnerability for VPN routers for multiple Cisco small environments

Cisco systems provided by Cisco Systems, a VPN router for some small -scale environments has revealed a serious vulnerability.A firmware update is provided.

In the web -interface of the "Cisco Small Business RV345", "RV345P", "RV340", and "RV340W", there is a problem in the processing of HTTP requests, and the vulnerability that may execute any code or command from remote.-2021-1609 is revealed.

There is no authority for abuse, and the common vulnerability evaluation system "CVSSV3".The base score of "1" is "9", "9".8 ", the importance is" Critical ", which is the highest in four stages.

Also, the CVE-2021-1610 command-injection vulnerabilities have been revealed in the web interface.Authentged users may execute any command with root authority.CVSS basic value is "7.2 "2" is "high".

The company has updated the firmware that resolved these vulnerabilities "Version 1.0.03."22" has been released and the user is calling attention.

(Security Next --2021/08/10) Tweets

Related Links

PR

関連記事

"Dirty Pipe" to Linux Kernel "Dirty Pipe" -POC also released SAP and 11 monthly security patches -newly released -The vulnerability of "HOT NEWS" is vulnerable to NEC Platforms Wireless VPN Louters ADOBE, Security Update "Firefox 98" for images and video processing products -Released 7 vulnerabilities MS, released monthly patches in February -71 vulnerabilities "WPS Office for Windows".Vulnerability to the Filtering Product "i -FILTER" of the possibility of capturing administrator authority -Updated and modified settings "Firefox" Update Urgent Update -Multiple Seriously Cisco Expressway "Cisco Expressway" and "Cisco TelepreSense VCS" Multiple Serious VCSs.Vulnerability