Cisco has released software updates to address critical vulnerabilities found in their products.
The critical vulnerabilities are:
- CVE-2022-20842 - A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual Wide Area Network (WAN) Gigabit Virtual Private Network (VPN) Routers could allow an unauthenticated, remote attacker to execute arbitrary code with administrator privileges or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition
- CVE-2022-20827 - A vulnerability in the web filter database update feature of Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to perform a command injection and execute commands on the underlying operating system with root privileges
There are no workarounds to address both critical vulnerabilities.
Administrators and users of affected products are advised to upgrade to the appropriate fixed software release immediately.
More information is available here: