Recently, Cisco has released the security update for a large number of vulnerabilities in VPNs and routers. According to experts, there are a total of 34 vulnerabilities. 5 of them are the most critical ones. Along with Adobe, SAP, VMWare, and Oracle, Cisco also joins the party. This will help all the data servers to protect themselves from being hijacked.
Cisco has given a keen interest in not only the patches for bugs, but also exploited the conduct for the remote code execution. In addition to that, it has released security fixes and patches for privilege escalation attacks.
The 5 Critical Vulnerabilities and Fixes
Amongst all the vulnerabilities, 5 of them are the most important and critical one. Let’s get a brief idea of how Cisco fixed it.
-
CVE-2020-3330
The severity score is 9.8. This security glitch has posed a negative impact on the Cisco telnet service. Moreover, it has also affected VPN routers and firewalls. Previously, many firewalls of Cisco devices used default and static passwords. That is why these glitches took place as they granted unauthorized intruder access. It is now fixed by Cisco. Users have to download the patch file and then install it to fix it.
-
CVE-2020-3323
This flaw also has a severity of 9.8 that has impacted the small business of Cisco. Routers such as RV110W, RV130, RV130W, and RV215W were affected by the glitch. Moreover, the online management portal started showing some validation problems. This happened due to the improper setup and malicious HTTP requests in the network device.
Therefore Cisco has released the firmware update. It is also requesting all the users of the routers to update the firmware that contains the fixes. Cisco also stated that if they don’t do it, then it will affect the user’s operating system too.
-
CVE-2020-314
The 9.8 rated vulnerability has severely impacted the same router lines. This flaw is also present in the web management portal. The flaw is so powerful that it has the ability to allow all the unauthorized remote attackers in the network.
Furthermore, Cisco also informed that it has the power to bypass the authentication, process, and execute arbitrary commands. Cisco has released the fix for this issue. A file that users need to download which will block these authentication processes.
-
CVE-2020-3331
This is the most critical flaw that has affected the routers as well as the VPNs also. Just like the others, its severity score is also 9.8. Tech experts of Cisco have found this flaw in the hardware’s web management user-interface. The flaw first appeared in several user inputs.
Experts have predicted that it can be abused by hackers, i.e. remote attackers with the help of arbitrary codes and root privileges. That is why Cisco has eliminated this issue by redesigning the router home pages. In addition to that, they have strengthened the firewall as well.
-
CVE-2020-3140
With the severity of 9.8, this critical issue was present in the Prime License Manager (PLM). It is another web management platform. The flaw was born by improper user input handling. This created a loophole for the hackers and remote attackers got the opportunity to send malicious data packets and requests.
In addition to that, it has also affected the administration level in privilege escalation. The necessity of a valid username is not at all necessary to exploit this vulnerability. In this case, Cisco has updated and strengthened its web management portal and its firewall too.
Other Bug Fixes in Cisco Devices
Apart from VPNs and routers, there were also issues in SD-WAN Vmanage, vEdge, Identity services, email services, Webex meetings, and others. Cisco has released all the fixes and urged all the users to update their respective devices. In doing so, the users will get the new software and firmware versions with ultimate security.
