Skip to main content

Cisco Releases Critical Security Update for Small Business RV Series Routers

Critical Cisco Security Advisory for Small Business RV Series Routers rates the combined vulnerabilities with a CVSSv3 score of 10.0

Threat ID:
CC-4031
Threat Severity:
Medium
Published:
3 February 2022 5:05 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Critical Cisco Security Advisory for Small Business RV Series Routers rates the combined vulnerabilities with a CVSSv3 score of 10.0

The following platforms are also known to be affected:

Many Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers are affected by at least one of these vulnerabilities.

  • RV160 VPN Routers
  • RV160W Wireless-AC VPN Routers
  • RV260 VPN Routers
  • RV260P VPN Routers with PoE
  • RV260W Wireless-AC VPN Routers
  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit POE VPN Routers

Threat details

Introduction

Cisco has released a critical security update to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The update concerns remote code execution (RCE), privilege escalation, remote command execution, bypass authentication and authorisation protections, fetch and run unsigned software, and cause a denial-of-service condition.

A remote, unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisory and apply the necessary updates or workarounds.

Remediation steps

Type Step
Patch

Cisco Small Business RV Series Routers Vulnerabilities - cisco-sa-smb-mult-vuln-KA9PK6D


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Last edited: 3 February 2022 5:37 pm