
Cisco tells customers to upgrade VPN routers or risk attack

Cisco has advised customers to trade in old Small Business RV VPN routers for newer models, as the old ones have high-severity vulnerabilities that it won’t be patching.

As reported by BleepingComputer, the company recently discovered a vulnerability caused by insufficient validation of user input in incoming HTTP packets. By sending a “specially crafted request” to the web-based management interface of these devices, an attacker could end up with root-level privileges. Essentially, they’d be getting free access to the endpoint.

Tracked as CVE-2022-20825, the flaw has a severity score of 9.8, so it’s pretty dangerous. It was found in four models: the RV110W Wireless-N VPN Firewall, the RV130 VPN Router, the RV130W Wireless-N Multifunction VPN Router, and the RV215W Wireless-N VPN Router.


End of life

These models, however, have reached end-of-life status and as such will not be patched.

A small caveat is that the web-based remote management interface on WAN connections needs to be enabled for the flaw to be exploitable, and by default, it’s not. Still, many exposed devices can be found with a quick Shodan search.

To check whether your routers have this feature enabled, log into the web-based management interface, go to Basic Settings > Remote Management, and uncheck the box. This is the only way to mitigate the threat, and users are advised to do so before moving on to newer models. Cisco was said to be “actively supporting” models RV132W, RV160, and RV160W.

RV160, together with RV260, RV340, and RV345, recently received a patch for five vulnerabilities with a 10/10 severity rating. Among the possibilities for malicious actors exploiting these flaws are arbitrary code and command execution, elevation of privileges, running unsigned software, circumventing authentication, and assimilating the devices into a botnet for Distributed Denial of Service (DDoS) attacks.  

To shield against cyberattacks of all kinds, businesses are advised to keep hardware and software up to date, run an antivirus and firewall solution, and educate employees on the dangers of phishing and ransomware.

Via BleepingComputer



Source: TechRadar
