Cisco Systems on Thursday announced patches for 15 vulnerabilities, five of them rated critical, in its RV160, RV260, RV340, and RV345 series small business routers.
In its advisory, Cisco said there are no workarounds for the vulnerabilities; upgrading to a fixed software release is the only remediation. The company said exploiting the vulnerabilities could allow an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, and cause a denial of service condition on an affected device.
The critical vulnerabilities included the following: CVE-2022-20699, CVE-2022-20700, CVE-2022-20701, CVE-2022-20703, and CVE-2022-20708.
“The Cisco Small Business RV series router vulnerabilities are quite concerning because of the severity and multiple attack vectors presented, most concerning of which is the SSL VPN vulnerability that could let attackers remotely compromise the router and gain administrative access,” said Tim Silverline, vice president of security at Gluware.
“Once vulnerabilities like this are announced, it’s often a race between hackers to create a workable exploit and begin scanning the internet for vulnerable targets and IT teams to quickly identify and patch the affected devices,” said Silverline. “No workarounds have been announced for any of these vulnerabilities so software upgrades appear to be the only viable resolution. These types of events highlight the need to automate the ability to quickly search through enterprise networks and apply upgrades. Without automation, it’s a race that most businesses will lose because of the sheer amount of adversaries lurking on the internet looking to exploit for profit.”
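The inventory check Silverline describes, as an added example (not code from the article, Cisco, or Gluware): given a device list and the minimum fixed release per affected family, flag the routers that still need an upgrade. The affected families come from the advisory as reported above; the fixed-release numbers, hostnames, and firmware versions are constructed assumptions for illustration and must be replaced with the values in the vendor advisory and your own inventory. The one detail worth noticing is that firmware versions must be compared numerically, not as strings, or a device on 1.0.03.9 would wrongly be judged newer than the 1.0.03.26 threshold.

```python
"""Triage a router inventory against an advisory's fixed releases.

Added example; not from the article or from Cisco. All hostnames,
firmware versions, and fixed-release thresholds are constructed
assumptions for illustration.
"""
from __future__ import annotations

import re
from typing import NamedTuple, Optional


class Device(NamedTuple):
    hostname: str
    model: str    # e.g. "RV340", "RV345P", "RV160W"
    version: str  # dotted firmware string, e.g. "1.0.03.24"


# ASSUMED minimum fixed releases per affected family. Placeholder values:
# take the real numbers from the vendor advisory before using this.
ASSUMED_FIXED_RELEASE = {
    "RV160": "1.0.01.07",
    "RV260": "1.0.01.07",
    "RV340": "1.0.03.26",
    "RV345": "1.0.03.26",
}

# Constructed sample inventory (not real hosts).
INVENTORY = [
    Device("edge-rtr-01", "RV340", "1.0.03.24"),   # below threshold
    Device("edge-rtr-02", "RV345P", "1.0.03.26"),  # at threshold: fixed
    Device("edge-rtr-03", "RV345", "1.0.03.9"),    # string compare would miss this
    Device("branch-03", "RV160W", "1.0.01.05"),    # below threshold
    Device("branch-04", "RV260", "1.0.01.07"),     # at threshold: fixed
    Device("core-sw-01", "C9300", "17.3.4"),       # not an affected family
]


def parse_version(v: str) -> tuple[int, ...]:
    """Turn a dotted firmware string into an int tuple for numeric ordering.

    Leading zeros and component length are irrelevant once parsed, so
    "1.0.03.9" < "1.0.03.26" holds, unlike plain string comparison.
    """
    parts = []
    for p in v.strip().split("."):
        m = re.match(r"\d+", p)
        if not m:
            raise ValueError(f"unparseable version component {p!r} in {v!r}")
        parts.append(int(m.group()))
    return tuple(parts)


def family(model: str) -> str:
    """Map hardware variants (RV340W, RV345P, RV260P...) onto the base family."""
    m = re.match(r"(RV\d{3})", model.strip().upper())
    return m.group(1) if m else model.strip().upper()


def needs_upgrade(dev: Device, fixed: dict[str, str]) -> Optional[bool]:
    """True if the device runs a release older than the fixed one,
    False if it is at or above it, None if its family is not affected."""
    fam = family(dev.model)
    if fam not in fixed:
        return None
    return parse_version(dev.version) < parse_version(fixed[fam])


def triage(inventory: list[Device], fixed: dict[str, str]) -> list[str]:
    """Sorted hostnames of affected devices still running a vulnerable release."""
    return sorted(d.hostname for d in inventory if needs_upgrade(d, fixed))


if __name__ == "__main__":
    for host in triage(INVENTORY, ASSUMED_FIXED_RELEASE):
        print(f"UPGRADE REQUIRED: {host}")
```

In practice the inventory would be pulled from whatever source of truth you have (CMDB, NMS export, or `show version` collected over SSH); the comparison logic is the part worth keeping, and the thresholds must be refreshed whenever the vendor revises the advisory.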
Casey Bisson, head of product and developer relations at BluBracket, said the rise of Mirai and other botnets that started years ago depended on large numbers of poorly protected devices, similar to what we’re seeing in these newly disclosed vulnerabilities. However, Bisson said those were just a warning for the more targeted risks we are seeing.
“Threat actors used to have to go dumpster diving at SMBs to find discarded, but sensitive information, but now they’re injecting persistent malware on network devices in those businesses to support unauthorized network ingress and ongoing monitoring for larger vulnerabilities across those networks,” Bisson said. “This lets them extract sensitive information, execute a ransomware attack, or hop into other networks. When we think about the 32 million SMBs in the U.S. that might be using this equipment — medical practices handling patient data, agencies handling client data, auto dealerships handling financial information, and all of them handling payroll data — we can see the true scale and impact of persistent malware threats in SMB network equipment.”