News for September 9, 2022


Cisco Not Patching End of Life Devices
by Artie Kaye

While releasing patches for some of their current products, the company also stated that these products will no longer have security updates. 

RV110W Wireless-N VPN Firewall
RV130 VPN Router
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router

These products have a known security vulnerability and Cisco recommends replacing as soon as able.  End of life products can often be an easy means for hackers to gain access, as security vulnerabilities can be discovered after support has stopped.

The flaw is listed as CVE-2022-20923.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O

https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-authentication-bypass-zero-day-in-eol-routers/

https://thehackernews.com/2022/09/cisco-releases-security-patches-for-new.html

WordPress BackupBuddy Vulnerability
by Artie Kaye

The plugin can allow access to files stored for the WordPress site it is installed with.  Versions 8.5.8.0 through 8.7.4.1 are affected.  There is an update for BackupBuddy available which closes this flaw.  It is recommended to go through the plugins used on your WordPress site and check for updates as there have been many flaws found in recent months.

https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/

https://www.darkreading.com/attacks-breaches/attackers-exploit-zero-day-wordpress-plugin-vulnerability-backupbuddy

https://thehackernews.com/2022/09/hackers-exploit-zero-day-in-wordpress.html