Cisco Patches Critical Vulnerabilities in Small Business Routers, SD-WAN

Cisco this week released software updates to address multiple vulnerabilities across its product portfolio, including critical severity bugs in several small business VPN routers and SD-WAN products.

The company warned that the web-based management interface of small business RV160, RV160W, RV260, RV260P, and RV260W VPN routers is affected by seven severe vulnerabilities that could be abused by unauthenticated, remote attackers to execute arbitrary code as root.

The issue, Cisco says, exists because of improper validation of HTTP requests. Rated critical severity (CVSS score of 9.8), the flaws were addressed with the release of firmware versions 1.0.01.02 and later for all of the affected products. Two high severity vulnerabilities were also fixed in these devices.

The tech company also released fixes for six bugs in SD-WAN products, the most important of which is rated critical severity (CVSS score 9.9). While not dependent on each other, the resolved issues could be abused to perform actions with root privileges on the affected devices.

Created by the improper input validation of user-supplied input, the flaws impact SD-WAN vBond Orchestrator Software, SD-WAN vEdge Cloud Routers, SD-WAN vEdge Routers, SD-WAN vManage Software, and SD-WAN vSmart Controller Software.

Cisco addressed these security holes in SD-WAN releases 19.2.4, 20.1.2, 20.3.2, and 20.4.1. The company also notes that it is not aware of these bugs being exploited in the wild.

This week, the company also detailed numerous high severity flaws in small business RV series routers, including a set of 30 bugs leading to arbitrary code execution or denial of service, and another of 5 issues that a remote attacker could exploit to inject arbitrary commands and have them executed with root privileges.

Caused by improper validation of user-supplied input, the flaws impact RV016, RV042, RV042G, RV082, RV320, and RV325 series routers, and were addressed with the release of firmware version 1.5.1.13 for RV320 and RV325 routers.

The Cisco RV016, RV042, RV042G, and RV082 routers, however, won’t receive patches, because they have already reached end-of-life status.

Other high risk vulnerabilities that Cisco patched this week affect IOS XR software: one denial of service in the IPv6 protocol handling and two in the ingress packet processing function of IOS XR software, and two image verification bugs and one privilege escalation that affect IOS XR software for the Cisco 8000 series routers and Network Convergence System (NCS) 540 series routers.

Multiple high severity issues were addressed in SD-WAN products as well, including five flaws that could lead to denial of service, and three authorization bypasses that could allow attackers to modify configurations, access sensitive information, or view data without authorization.

Cisco also released patches for medium severity flaws in Webex, Unified Computing System (UCS), IOS XR Software, Managed Services Accelerator (MSX), and DNA Center, and announced that it would release software updates to fix multiple bugs in the DNS forwarder implementation of dnsmasq.

On Wednesday, the tech company expanded the list of products affected by the recent Sudo vulnerability with the addition of Virtual Topology System (formerly Cisco Virtual Systems Operations Center) – VTSR VM and Ultra Cloud.

Further information on the vulnerabilities Cisco has addressed in its products this week can be found on the company’s security portal.

Related: Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products

Related: Over 70 Vulnerabilities Will Remain Unpatched in EOL Cisco Routers

Related: VMware, Cisco Reveal Impact of SolarWinds Incident