Cisco Patches Critical Router Bug


by Artie Kaye

A couple of flaws patched by Cisco could allow attackers to gain root access to the affected devices.  This could allow them to execute code remotely or create a denial of service to the network served by the router.  There is no workaround for the exploit and patching is the only preventative measure to protect the device and your network.  The affected devices are:

RV160 VPN Routers
RV160W Wireless-AC VPN Routers
RV260 VPN Routers
RV260P VPN Routers with PoE
RV260W Wireless-AC VPN Routers
RV340 Dual WAN Gigabit VPN Routers
RV340W Dual WAN Gigabit Wireless-AC VPN Routers
RV345 Dual WAN Gigabit VPN Routers
RV345P Dual WAN Gigabit POE VPN Routers
RV340 Dual WAN Gigabit VPN Routers
RV340W Dual WAN Gigabit Wireless-AC VPN Routers
RV345 Dual WAN Gigabit VPN Routers
RV345P Dual WAN Gigabit POE VPN Routers

The flaws are listed as CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-remote-code-execution-bug-in-vpn-routers/