Cisco announced that it will not release a patch to address a novel authentication bypass zero-day vulnerability impacting small business VPN routers that have already reached end-of-life, according to BleepingComputer.
A faulty password validation algorithm has been identified as the cause of the flaw, tracked as CVE-2022-20923, which affects Cisco's RV110W, RV130, RV130W, and RV215W routers. These models were last available for order in December 2019.
"A successful exploit could allow the attacker to bypass authentication and access the IPSec VPN network. The attacker may obtain privileges that are the same level as an administrative user, depending on the crafted credentials that are used," said Cisco.
Despite the absence of proof-of-concept exploits or in-the-wild exploitation of the flaw, users of the now unsupported systems have been urged to upgrade to newer models.
"Cisco has not released and will not release software updates to address the vulnerability described in this advisory. Customers are encouraged to migrate to Cisco Small Business RV132W, RV160, or RV160W Routers," said Cisco.