
CISA Warns of 60 Exploited Vulnerabilities Affecting Cisco, Microsoft Products

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Thursday that it has added 95 security flaws to its Known Exploited Vulnerabilities catalog, including more than 60 affecting Cisco and Microsoft products.

Only five of the vulnerabilities added this week to CISA’s catalog have a 2022 CVE identifier, namely flaws patched last month in Cisco’s Small Business RV160, RV260, RV340, and RV345 series routers.

The Cisco vulnerabilities are all rated “critical severity” and they can be exploited for arbitrary code/command execution and privilege escalation. Some of the flaws can be exploited remotely and without authentication.

When it disclosed the vulnerabilities, Cisco warned that it had been aware of the availability of proof-of-concept (PoC) exploits, but did not mention any attacks. The company’s advisory still does not mention active exploitation and there do not appear to be any public reports of malicious attacks.

However, CISA has told SecurityWeek in the past that it is aware of real-world attacks for each of the vulnerabilities added to its catalog.

MDR firm Deepwatch assessed with moderate confidence in mid-February that one of the vulnerabilities, CVE-2022-20699, would be exploited to install cryptocurrency miners or to gain an initial foothold within an organization. SecurityWeek has also found a recent blog post titled “Hackers Exploiting Cisco RV VPN Routers,” which references these vulnerabilities, but it does not describe any actual attacks.

SecurityWeek has reached out to Cisco for information on in-the-wild exploitation and will update this article if the networking giant responds.

As per Binding Operational Directive (BOD) 22-01, which instructs federal civilian agencies to patch vulnerabilities included in CISA’s catalog within defined timeframes, these Cisco router flaws will need to be patched by March 17.

One of the vulnerabilities added this week to CISA’s “Must Patch” list is CVE-2021-41379, a privilege escalation weakness in Windows that has been exploited since November 2021, particularly by malware.

The remaining vulnerabilities added by CISA to its list this week are older: two are from 2020 and the rest have CVE identifiers ranging between 2002 and 2019.

Of the 95 new CVEs, 38 are for Cisco vulnerabilities and 27 for Microsoft vulnerabilities. There are also 16 flaws affecting Adobe products, and seven impacting Oracle products.

While BOD 22-01 only applies to federal agencies, CISA has advised all organizations to use its catalog to prioritize vulnerability patching.
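The practical consequence of BOD 22-01 for a defender is a queue: each catalog entry carries a due date, and an organization that follows CISA's advice sorts its patching work by that date, filtered to the vendors it actually runs. The script below is an added example (not SecurityWeek's, CISA's or Cisco's code) that does this over a constructed sample in the shape of CISA's public KEV JSON feed; the field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction) are an assumption based on that feed, the two real CVE IDs and the March 17 due date come from the article, and the third entry is an obvious placeholder used only to show overdue handling.

```python
import json
from collections import Counter
from datetime import date, timedelta

# Constructed sample in the shape of CISA's KEV JSON feed. Field names are an
# assumption based on the public feed. The two real CVE IDs and the 2022-03-17 due
# date are taken from the article; dateAdded values and product strings are
# illustrative, and the CVE-1900-0001 entry is a placeholder, not a real CVE.
SAMPLE_CATALOG = """
{
  "vulnerabilities": [
    {"cveID": "CVE-2022-20699", "vendorProject": "Cisco",
     "product": "Small Business RV Series Routers",
     "dateAdded": "2022-03-03", "dueDate": "2022-03-17",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2021-41379", "vendorProject": "Microsoft",
     "product": "Windows",
     "dateAdded": "2022-03-03", "dueDate": "2022-03-17",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor",
     "product": "PlaceholderProduct",
     "dateAdded": "2022-02-01", "dueDate": "2022-02-15",
     "requiredAction": "Placeholder entry used to demonstrate overdue handling."}
  ]
}
"""


def _as_date(value):
    """Accept either a date or an ISO-8601 string such as '2022-03-10'."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def load_catalog(text):
    """Parse the feed and convert the ISO date strings into date objects."""
    data = json.loads(text)
    entries = []
    for raw in data["vulnerabilities"]:
        entry = dict(raw)
        entry["dateAdded"] = _as_date(raw["dateAdded"])
        entry["dueDate"] = _as_date(raw["dueDate"])
        entries.append(entry)
    return entries


def count_by_vendor(entries):
    """Per-vendor tally, the same breakdown the article gives (38 Cisco, 27 Microsoft, ...)."""
    return Counter(e["vendorProject"] for e in entries)


def filter_to_inventory(entries, vendors_in_use):
    """Keep only entries whose vendor appears in the organization's inventory.

    The comparison is case-insensitive so 'cisco' in an asset list still matches 'Cisco'.
    """
    wanted = {v.lower() for v in vendors_in_use}
    return [e for e in entries if e["vendorProject"].lower() in wanted]


def patch_queue(entries, today, horizon_days=14):
    """Split entries into (overdue, due_soon), each sorted by due date then CVE ID.

    Overdue entries are already past their BOD 22-01 deadline; due_soon entries fall
    within the next horizon_days and are the next batch to schedule.
    """
    today = _as_date(today)
    cutoff = today + timedelta(days=horizon_days)
    key = lambda e: (e["dueDate"], e["cveID"])
    overdue = sorted((e for e in entries if e["dueDate"] < today), key=key)
    due_soon = sorted((e for e in entries if today <= e["dueDate"] <= cutoff), key=key)
    return overdue, due_soon


if __name__ == "__main__":
    entries = load_catalog(SAMPLE_CATALOG)
    print("by vendor:", dict(count_by_vendor(entries)))
    mine = filter_to_inventory(entries, ["Cisco", "Microsoft"])
    overdue, due_soon = patch_queue(mine, "2022-03-10")
    for label, bucket in (("OVERDUE", overdue), ("DUE SOON", due_soon)):
        for e in bucket:
            print(f"{label}: {e['cveID']} ({e['vendorProject']}) due {e['dueDate']}")
```

Against the live feed the same functions apply unchanged once the JSON is fetched and passed to load_catalog; the inventory filter is the step that turns a catalog of several hundred entries into the handful that matter for a given estate, and the overdue bucket is what an auditor checking BOD 22-01 compliance would look at first.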

Related: CISA Says ‘HiveNightmare’ Windows Vulnerability Exploited in Attacks

Related: CISA Urges Organizations to Patch Actively Exploited Zimbra XSS Vulnerability

Related: CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
