In total, the patches fix 15 vulnerabilities, five of which are rated as critical, as attackers can use them to gain root privileges or remotely execute commands on the device.
Three vulnerabilities received the maximum score of 10 out of 10 on the CVSS vulnerability rating scale: CVE-2022-20699, CVE-2022-20700 and CVE-2022-20707. These issues affect the RV160, RV260, RV340, and RV345 series routers.
CVE-2022-20699 is an arbitrary code execution issue in the SSL VPN module, caused by insufficient bounds checking when processing certain HTTP requests. The vulnerabilities CVE-2022-20700 and CVE-2022-20708, in turn, allow privileges to be elevated to root and arbitrary commands to be injected. They were found in the routers' web interface, whose protection mechanisms turned out to be too weak and did not check the data entered by the user.
Other critical vulnerabilities include CVE-2022-20703, a signature verification bypass (CVSS score of 9.3), and CVE-2022-20701 (CVSS score of 9), which allows privilege escalation.
Cisco engineers say that some of the vulnerabilities need to be exploited together:
Let me remind you that we also wrote that Cisco warned about 0-day vulnerabilities in IOS XR, and that Cisco will not fix a critical bug in older routers.