Security crisis expands as 5 Cisco routers have ‘deadly’ vulnerabilities

The Cisco router product line has a number of security vulnerabilities, five of which are classified as “critical”, which is feared to endanger the security of enterprise information of all sizes.

Cisco, the leading global networking company, has a number of potential security vulnerabilities in its router product lines, five of which are considered by information security agencies to have “Critical” level security vulnerabilities.

Among all the products of concern, three have RCE vulnerabilities (Remote Code Execution), which allow hackers to remotely execute commands and remotely elevate intruder privileges, the most serious level of all information security vulnerabilities.

Information security is a dense web, and all vulnerabilities affect each other. The recent revelation of 15 Cisco routers with security concerns, almost all of which are used by small and medium-sized businesses, makes these vulnerabilities difficult to prevent with limited manpower and funding, but big businesses shouldn’t think they’re okay.

“When SMBs are infiltrated by hackers, they can take advantage of the opportunity to attack larger enterprises. Matthew Warner, an engineer at Bluemira, an information security consultancy, says that large enterprises working with these hacked SMEs increase their risk of being hacked.

In the 2013 Target hack, for example, hackers were unable to breach Target’s protections directly, but they chose to hack into the contractor’s system to gain access to Target’s intranet and launch their attack.

For hackers, this is already a basic knowledge. Instead of attacking large enterprises, they should target small and medium-sized enterprises that work with many large enterprises, and by taking down one, they will have the opportunity to penetrate multiple large enterprises.

Cisco has proactively disclosed 15 router security vulnerabilities in their RV160, RV260, RV340 and RV345 series products, and has issued software updates to fix the vulnerabilities.

Three of the vulnerabilities received a full security risk rating of 10. These are CVE-2022-20699, CVE-2022-20700, and CVE-2022-20708, affecting the RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers. If your organization is using any of these products, you should update immediately to ensure security.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s