Friday, April 23, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Cisco releases security fixes for critical VPN, router vulnerabilities

July 18, 2020
in Internet Security
Cisco tackles root privilege vulnerability in SD-WAN software
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cisco has issued a security update that tackles 34 vulnerabilities, five of which are deemed critical. 

It’s been an interesting month for enterprise administrators and security staff with Microsoft’s Patch Tuesday including fixes for 123 vulnerabilities across 13 products. In particular, warnings were issued over SigRed (CVE-2020-1350), a 17-year-old critical bug that can be used to hijack Microsoft Windows Server builds. 

You might also like

Malware and ransomware gangs have found this new way to cover their tracks

Best free PC antivirus software in 2021

ServiceNow launches unified agent platform, aims to meld diagnostics with incident automation

Adobe, SAP, VMware, and Oracle have also released their own security updates.

Over this week, Cisco added its own contribution, with the networking giant releasing patches for 34 bugs, the most severe of which can be exploited to conduct remote code execution and privilege escalation attacks. 

See also: Cisco: SecureX is the ‘centerpiece’ of our security portfolio, generally available June 30

The first of the critical bugs, now resolved, is CVE-2020-3330. Issued a CVSS severity score of 9.8, this security flaw impacts the Telnet service in Cisco Small Business RV110W Wireless-N VPN Firewall routers and is caused by the use of a default, static password. If obtained by attackers, this can lead to the full remote hijacking of a device. 

The second security flaw of note is CVE-2020-3323 (CVSS 9.8) which impacts Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. The online management portal has improper validation problems that can be exploited through crafted, malicious HTTP requests. 

“A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device,” Cisco says. 

CNET: Huawei ban timeline: US hits Chinese company’s employees with visa restrictions

The third vulnerability is CVE-2020-3144, another CVSS 9.8 bug that impacts the same router line. This security flaw is also present in the web management portal and “could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device,” according to the tech giant. 

CVE-2020-3331, also deemed critical, is present in the Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN routers. Issued a severity score of 9.8, this bug — found in the hardware’s web management interface — was due to how user input is handled and can be abused by unauthenticated, remote attackers to execute arbitrary code with root privileges. 

The final critical issue is CVE-2020-3140 (CVSS 9.8), present in Cisco Prime License Manager (PLM). Another web management portal issue caused by improper user input handling could be abused by attackers sending malicious requests, potentially leading to administrator-level privilege escalation. However, attackers do need a valid username to start with in order to exploit this vulnerability. 

TechRepublic: Cybercriminals disguising as top streaming services to spread malware

In addition to the critical vulnerabilities, Cisco also issued a wide variety of fixes for products and services including Identity Services, email services, SD-Wan vManage and vEdge, and Webex meetings, among other software. 

Ranging from high to medium severity, these security issues include SQL injections, cross-site scripting (XSS) bugs, filter bypass, information leaks, and denial-of-service. 

It is recommended that Cisco customers accept automatic updates or manually apply the latest round of security fixes as soon as possible. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Credit: Zdnet

Previous Post

Mobile Semiconductor's Enhanced Memory Compilers Improve Power On Edge AI Devices

Next Post

The week in martech

Related Posts

Malware and ransomware gangs have found this new way to cover their tracks
Internet Security

Malware and ransomware gangs have found this new way to cover their tracks

April 23, 2021
Best free PC antivirus software in 2021
Internet Security

Best free PC antivirus software in 2021

April 23, 2021
ServiceNow launches unified agent platform, aims to meld diagnostics with incident automation
Internet Security

ServiceNow launches unified agent platform, aims to meld diagnostics with incident automation

April 23, 2021
SolarWinds hack analysis reveals 56% boost in command server footprint
Internet Security

SolarWinds hack analysis reveals 56% boost in command server footprint

April 22, 2021
New US Justice Department team aims to disrupt ransomware operations
Internet Security

New US Justice Department team aims to disrupt ransomware operations

April 22, 2021
Next Post
The week in martech

The week in martech

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Malware and ransomware gangs have found this new way to cover their tracks
Internet Security

Malware and ransomware gangs have found this new way to cover their tracks

April 23, 2021
5 Ways Tech Is Making Insurance More Efficient
Data Science

5 Ways Tech Is Making Insurance More Efficient

April 23, 2021
Microsoft Acquisition of Nuance is a Big Deal in Voice Recognition 
Artificial Intelligence

Microsoft Acquisition of Nuance is a Big Deal in Voice Recognition 

April 23, 2021
Machine learning helps Indiana DOT bundle projects — GCN
Machine Learning

Machine learning helps Indiana DOT bundle projects — GCN

April 23, 2021
Who Are The Top Intelligent Document Processing (IDP) Vendors? | by Infrrd | Apr, 2021
Neural Networks

Who Are The Top Intelligent Document Processing (IDP) Vendors? | by Infrrd | Apr, 2021

April 23, 2021
How Intent Data Boosts Conversions
Marketing Technology

How Intent Data Boosts Conversions

April 23, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Malware and ransomware gangs have found this new way to cover their tracks April 23, 2021
  • 5 Ways Tech Is Making Insurance More Efficient April 23, 2021
  • Microsoft Acquisition of Nuance is a Big Deal in Voice Recognition  April 23, 2021
  • Machine learning helps Indiana DOT bundle projects — GCN April 23, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates