Cisco has released patches for a vulnerability that affects several small business VPN routers. The vulnerabilities that could allow an attacker to perform remote code execution attacks have a severity of 9.8 out of 10.
The company announced that a number of VPN routers were affected when they ran firmware version 1.0.01.02. Cisco also confirmed that its dual WAN gigabit VPN routers (including the RV340, RV340W, RV345, and RV345P) were not affected by the vulnerabilities.
“Several vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN routers could allow an unauthenticated remote attacker to run arbitrary code as the root user on an affected device,” according to a Cisco security statement Advice explained. “Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. “
During the consultation, Cisco also revealed that the VPN …