Cisco Systems last week issued security advisories for two dozen vulnerabilities, including two high-severity flaws in its Small Business RV320 and RV325 dual gigabit WAN VPN routers, which attackers are reportedly already trying to exploit with published proof-of-concept code.

Device owners are advised to immediately download Cisco's patches for the two exploited flaws, both of which reside within the routers' web-based management interface.

The first, CVE-2019-1652, is a command injection bug caused by improper validation of user-supplied input. The vulnerability, which affects routers running firmware releases 1.4.2.15 through 1.4.2.19, can can allow authenticated, remote attackers with admin privileges to execute arbitrary commands on the underlying Linux shell as root.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.