Top Three Critical Flaws Affecting Cisco Small Business Routers

Cisco, which runs a system that tracks bugs in its products and software, has recently revealed fifteen bugs that pose a threat to small businesses. Three of these bugs have been rated 10/10 in the vulnerability scoring system, and, most unfortunately, patches are not available for all affected ranges.

Small Business Routers

The severe vulnerabilities affect the RV160, RV260, RV340 and RV345 router series. Attackers may:

  • Gain unauthorized access, such as logins, by elevating their rights and privileges to those of the root user.
  • Execute arbitrary commands due to improper verification of software images.
  • Attack the Linux operating system by deploying malicious code, leading to DoS.
  • Send malicious HTTP requests remotely.

Due to the severity of this issue, Cisco has released a free software update that can be downloaded from their website.

The top three 10/10 rated flaws are:

• Remote code execution: CVE-2022-20699

An attacker may send malicious HTTP requests and execute code with root privileges. This is only possible because HTTP requests were not validated properly. It also gives the attacker the ability to reload a device and cause a denial of service, since the attacker can run arbitrary commands on the device's operating system with root privileges.

• Denial of Service: CVE-2022-20708

An attacker may gain access to a user's device and execute arbitrary commands. This may happen due to insufficient authorization of user input. An attacker is able to inject malicious commands into the Linux operating system.

• Elevation of privileges: CVE-2022-20700

This vulnerability was rated the most severe. Due to insufficient authorization enforcement mechanisms, an attacker may elevate privileges to root and execute arbitrary commands on a vulnerable device or system. These commands would run as root once the vulnerability has been successfully exploited.

Following this incident, Cisco released fixes for the 15 vulnerabilities on the RV340 and RV345 router series, but we still await the remaining 10 fixes for the RV160 and RV260 series, which Cisco has promised to release as soon as possible.

According to the security firm Tenable, over 8000 devices are at risk of exploitation; thankfully, there have been no reports. The lack of patches is questionable given the severity of the threat these vulnerabilities pose to businesses that may not even be aware they exist.

Cisco recommends that users turn off remote web management while it works on developing patches to counter these vulnerabilities. To avert any attack, please download the latest software version and update as soon as possible.
