Cisco says it’s fixed flaw affecting multiple small business VPN routers

(Image credit: Shutterstock / Valriya Zankovych)

Cisco has released patches for two security flaws that impact several of the company’s VPN routers for small businesses.

The two vulnerabilities, tracked as CVE-2021-1609 and CVE-2021-1602, were discovered in the company’s web-based management interface.

While CVE-2021-1609, which exists as a result of improperly validated HTTP requests, impacts Cisco’s RV340, RV350W, RV345 and RV345P Dual WAN Gigabit VPN routers, CVE-2021-1602, which is due to insufficient user input validation, impacts RV160, RV160W, RV260, RV260P and RV260W VPN routers.

TechRadar needs you!

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

>> Click here to start the survey in a new window <<

We’ve built a list of the best business VPN services around

Cisco says it's fixed flaw affecting multiple small business VPN routers

These are the best small business routers on the market

Also check out our roundup of the best endpoint protection software

According to a security advisory from Cisco, CVE-2021-1609 can be exploited by a remote attacker on one of the vulnerable VPN routers to execute arbitrary code or to cause the device to reload resulting in a denial of service (DoS) condition.

In a second security advisory, the networking giant explained that CVE-2021-1602 can be exploited by an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of affected devices.

Remote management disabled by default

Although these two vulnerabilities have CVSS scores of 9.8 and 8.2, launching an attack that exploits them will prove challenging for hackers as the remote management feature is disabled by default on all of the affected VPN routers.

Instead organizations need to use a local LAN connection to access Cisco’s web-based management interface where both security flaws reside. Still though, owners of affected devices can check to see if remote management has been enabled by accessing the web-based management interface, going to “Basic Settings” and seeing if the “Remote Management” option has been toggled on.

While Cisco says that there are no workarounds available to address these vulnerabilities, the company has released software updates to address both security flaws. Additionally the company’s Product Security Incident Response Team (PSIRT) has not observed any exploits or attacks in the wild leveraging these vulnerabilities.

Organizations that own one of the impacted VPN routers can go to Cisco’s Software Center to download the patched firmware for their devices.

We’ve also highlighted the best VPN

Via Bleeping Computer

Anthony Spadafora

After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal and TechRadar. He has been a tech enthusiast for as long as he can remember and has spent countless hours researching and tinkering with PCs, mobile phones and game consoles.

See more Computing news

Leave a Reply

Your email address will not be published. Required fields are marked *