Cisco Releases Security Updates for Multiple Products

Schedule update addresses Critical vulnerabilities in Cisco Small Business RV Routers

Threat ID:: CC-4141
Threat Severity:: Information only
Published:: 5 August 2022 4:36 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Schedule update addresses Critical vulnerabilities in Cisco Small Business RV Routers

Affected platforms

The following platforms are known to be affected:

Versions: RV160 and RV260 Series Routers - 1.0.01.05

Cisco Small Business RV Series Router

Versions: RV340 and RV345 Series Routers - 1.0.03.26 and earlier

Cisco Dual WAN Gigabit VPN Router

The following platforms are also known to be affected:

Many Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers are affected by at least one of these vulnerabilities.

RV160 VPN Routers
RV160W Wireless-AC VPN Routers
RV260 VPN Routers
RV260P VPN Routers with PoE
RV260W Wireless-AC VPN Routers
RV340 Dual WAN Gigabit VPN Routers
RV340W Dual WAN Gigabit Wireless-AC VPN Routers
RV345 Dual WAN Gigabit VPN Routers
RV345P Dual WAN Gigabit POE VPN Routers

Threat details

Introduction

Cisco has released a Critical security update to address vulnerabilities in multiple products, which include remote code execution, denial-of-service, and command injection vulnerabilities. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Other scheduled advisories address an additional four updates rated as Medium.

Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories and apply the necessary updates or workarounds.

Remediation steps

Type	Step
Patch	Cisco Small Business RV Series Routers Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR
Patch	Cisco Webex Meetings Web Interface Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS
Patch	Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF
Patch	Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE
Patch	Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-xbhfr4cD