Cisco Small Business Router Security Flaws Allow Malicious Code Execution, Patch ASAP

Cisco Small Business Router
A new Security Advisory from Cisco has outlined a huge number of security-related vulnerabilities and issues that have been patched in their latest firmware update. The security advisory says to run updates on the devices affected immediately.

The advisory, which was first published on February 2 and updated again on February 4 of 2022, outlines that a large number of bugs have been patched in the latest firmware available for the devices. The bugs that were patched allow things such as arbitrary code execution, elevating privileges, arbitrary command execution, and bypass authorization and authentication. These are particularly nasty in that they effectively allow an attacker to log into the affected device and in turn run whatever they want on it by elevating their privileges on the device. Because this makes access to the device directly available, it also allows the attacker to download and run unsigned software and even drive denial-of-service attacks utilizing any of these Cisco routers.
cisco rv345p router
Cisco is most likely one of the most popular enterprise network hardware providers in the world, according to Statista, supporting more than 55% of the enterprise network infrastructure. So it stands to reason a pretty good portion of the enterprise and small-business market do make use of these particular models. With as much hardware that could potentially be affected, if enough of these deploy router remain unpatched, there is a decent probability of them being added to a botnet to create a pretty nasty Distributed-Denial-of-Service (DDoS) attack, should that be the goal of the attacker.

As of right now, Cisco states that only the following models are affected by the vulnerabilities:
  • RV160 VPN Routers
  • RV160W Wireless-AC VPN Routers
  • RV260 VPN Routers
  • RV260P VPN Routers with PoE
  • RV260W Wireless-AC VPN Routers
  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit POE VPN Routers
While all of these models, the most recent of which being RV345P, are no longer being sold by Cisco as of October of 2021, there’s still a good chance that many of these products are still in active service. So, if you know someone, whether that be a business owner, an IT firm, a managed service provider, or anyone who might use one of these models, please let them know to update their firmware immediately. The full report from Cisco is available here.