Some Security Patches For Your Cisco Routers … No Not Yours, Just Those Other Ones
Cisco decided to give us a great start to the week by providing details on five critical bugs affecting four models of routers, of which three bugs are of the highest severity. The problem isn’t so much that they notified us, the issue lies in the fact they have yet to offer patches for two of the four effected models.
The specific routers are the RV160, RV260, RV340 and RV345 and if you have any of the latter two on your network you should apply the security patches. If you are running a RV160 or RV260 then so far the advice is to turn them off and hurry up and wait. The three top rated vulnerabilities cover it all, with remote code execution, privilege escalation and command injection all currently possible. These are all possible to achieve without physical access to your hardware, all can be done via HTTPS or submitting commands over the network.
According to a report The Register saw, there are “at least 8,400 publicly accessible” Cisco routers which are not patched against these flaws, but the good news is that though the proof of concepts exist security firm Tenable’s Shodan scan showed no sign of exploits posted to the usual repositories.
If that's not enough to worry about, the boxes can also be made to create DDoS attacks.