
CISA Says Recent Cisco Router Vulnerabilities Exploited in Attacks

CISA Warns of 60 Exploited Vulnerabilities Affecting Cisco, Microsoft Products


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday announced adding 95 security flaws to its list of known exploited vulnerabilities, including more than 60 affecting Cisco and Microsoft products.

Only five of the vulnerabilities added this week to CISA’s catalog have a 2022 CVE identifier, namely flaws patched last month in Cisco’s Small Business RV160, RV260, RV340, and RV345 series routers.

The Cisco vulnerabilities are all rated “critical severity” and they can be exploited for arbitrary code/command execution and privilege escalation. Some of the flaws can be exploited remotely and without authentication.

When it disclosed the vulnerabilities, Cisco warned that it had been aware of the availability of proof-of-concept (PoC) exploits, but did not mention any attacks. The company’s advisory still does not mention active exploitation and there do not appear to be any public reports of malicious attacks.

However, CISA told SecurityWeek in the past that it’s aware of real-world attacks for each of the vulnerabilities added to its catalog.

MDR firm Deepwatch assessed with moderate confidence in mid-February that one of the vulnerabilities, CVE-2022-20699, would be exploited to install cryptocurrency miners or to gain an initial foothold into an organization. SecurityWeek has also found a recent blog post titled “Hackers Exploiting Cisco RV VPN Routers,” which references these vulnerabilities, but it does not describe any actual attacks.


SecurityWeek has reached out to Cisco for information on in-the-wild exploitation and will update this article if the networking giant responds.

As per Binding Operational Directive (BOD) 22-01, which instructs federal civilian agencies to patch vulnerabilities included in CISA’s catalog within defined timeframes, these Cisco router flaws will need to be patched by March 17.

One of the vulnerabilities added this week to CISA’s “Must Patch” list is CVE-2021-41379, a privilege escalation weakness in Windows that has been exploited since November 2021, particularly by malware.

The remaining vulnerabilities added by CISA to its list this week are older: two are from 2020 and the rest have CVE identifiers ranging between 2002 and 2019.

Of the 95 new CVEs, 38 are for Cisco vulnerabilities and 27 for Microsoft vulnerabilities. There are also 16 flaws affecting Adobe products, and seven impacting Oracle products.

While BOD 22-01 only applies to federal agencies, CISA has advised all organizations to use its catalog to prioritize vulnerability patching.
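As an added illustration (not code from SecurityWeek or CISA), the sketch below shows one way to use the catalog for prioritization: match catalog entries against an asset inventory and rank the hits by remediation deadline. It assumes the catalog's JSON layout (`vulnerabilities` entries with `cveID`, `vendorProject`, `product`, `dueDate`); the inventory, host names, product strings, the `CVE-0000-0001` placeholder and every date except the Cisco March 17 deadline (year assumed to be 2022) are constructed.

```python
import json
from datetime import date

# Constructed excerpt in the KEV JSON layout. Only the two real CVE IDs and the
# Cisco March 17 deadline come from the article; everything else is sample data.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2021-41379", "vendorProject": "Microsoft",
   "product": "Windows", "dueDate": "2022-03-24"},
  {"cveID": "CVE-2022-20699", "vendorProject": "Cisco",
   "product": "Small Business RV Series Routers", "dueDate": "2022-03-17"},
  {"cveID": "CVE-0000-0001", "vendorProject": "Adobe",
   "product": "Example Reader", "dueDate": "2022-03-24"}
]}
""")

# Hypothetical asset inventory: vendor name plus a product keyword per host.
INVENTORY = [
    {"host": "branch-gw-01", "vendor": "Cisco", "product": "RV Series"},
    {"host": "ws-finance-07", "vendor": "Microsoft", "product": "Windows"},
]


def prioritize(catalog, inventory, today):
    """Return (days_left, cve_id, host) for every catalog entry that matches an
    inventoried asset, soonest deadline first. Negative days_left = overdue."""
    rows = []
    for vuln in catalog["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            same_vendor = asset["vendor"].lower() == vuln["vendorProject"].lower()
            product_hit = asset["product"].lower() in vuln["product"].lower()
            if same_vendor and product_hit:
                rows.append(((due - today).days, vuln["cveID"], asset["host"]))
    return sorted(rows)


if __name__ == "__main__":
    for days_left, cve, host in prioritize(KEV_SAMPLE, INVENTORY, date(2022, 3, 20)):
        status = "OVERDUE" if days_left < 0 else f"{days_left} days left"
        print(f"{cve:<16} {host:<14} {status}")
```

Substring matching on product names is deliberately loose; in practice the inventory would carry CPE names or exact model strings to avoid false matches.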


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
