‘Very worrying’: Vulnerabilities in Cisco routers pose significant risks


The series of newly revealed vulnerabilities in Cisco routers, including five with a “critical” severity rating, has increased cyber risk for businesses of all sizes, cybersecurity executives told VentureBeat.

Among the vulnerabilities, there are three with the highest possible severity rating, including a remote code execution (RCE) vulnerability and a flaw that could allow remote users to elevate their privileges.

While the 15 vulnerabilities affect routers used by small and medium-sized businesses (SMBs), by 2022, large and small businesses will be intertwined from a security perspective. When an SMB fails to address a major security problem like this, for example because of a lack of resources, it can turn into a problem for the companies it does business with.

“If SMBs are hacked, it can affect larger organizations,” Matthew Warner, co-founder and chief technology officer at Blumira, said in an email.

For example, in the Target breach in 2013, the attackers reportedly gained their initial entry by hacking an HVAC contractor that had worked at Target locations. Instead of going directly after Target, the attackers breached the presumably less-protected contractor and used it to gain access to Target’s environment, Warner said.

“It’s a common attack mechanism for threat actors to target MSPs or other SMBs that have broad access to some other larger organizations just because of their access,” he said.

‘Critical’ flaws

This week, Cisco revealed the 15 vulnerabilities discovered in the RV160, RV260, RV340, and RV345 series routers. Cisco said it has released patches for the vulnerabilities and that there are no workarounds for the bugs.

Three of the flaws received the highest possible severity rating, 10.0:

CVE-2022-20699 is a vulnerability in the SSL VPN module of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers. The flaw could allow an unauthenticated attacker to remotely execute code on a vulnerable device, and it can be exploited to gain root privileges, Cisco said.

CVE-2022-20700 is a vulnerability in the web interface used to manage Cisco Small Business RV Series routers. The flaw could allow an attacker to remotely elevate their privileges to root, Cisco said.

CVE-2022-20708 is a vulnerability in the web interface used to manage Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers. The flaw could allow an unauthenticated attacker to inject and execute commands remotely on the underlying Linux operating system, Cisco said.

The other two “critical” vulnerabilities are CVE-2022-20703, which allows an unauthenticated local user to install malicious software and has a severity rating of 9.3, and CVE-2022-20701, which has a rating of 9.0 and is related to the remote privilege escalation vulnerability (CVE-2022-20700).

In its advisory, Cisco noted that of the 15 vulnerabilities, some “are interdependent. Exploitation of one of the vulnerabilities may be necessary to exploit another vulnerability.”

Business risk

The vulnerabilities are “deeply concerning” because of their severity and the multiple attack vectors they present, Tim Silverline, vice president of security at Gluware, said in an email.

While SMBs using the routers are most directly affected by the vulnerabilities, SMBs often connect to business partners through VPN tunnels, Silverline noted. “It could be another entry point to [the enterprise] network if those connections are not properly secured,” he said.

Creating strong security policies at the corporate boundary using positive enforcement or zero trust technologies “can help mitigate most of the risk associated with these types of connections,” Silverline said.

The disclosure comes at a time of high focus on software vulnerabilities, following the disclosure of the RCE flaw in Apache Log4j, a widely used Java logging component, in December. Other major vulnerabilities recently revealed include “PwnKit,” which affects a commonly installed Linux program, polkit’s pkexec, and can be easily exploited for local privilege escalation.
