Critical Vulnerabilities in Cisco Products

Published on 16 Jul 2020

Updated on 16 Jul 2020

Cisco has released patches to address 5 critical vulnerabilities found in their products.

These vulnerabilities are presented according to their Common Vulnerability Scoring System (CVSS) v3.0 base scores:

Critical: Vulnerabilities with a base score of 9.0 to 10.0

High: Vulnerabilities with a base score of 7.0 to 8.9

Medium: Vulnerabilities with a base score of 4.0 to 6.9

Low: Vulnerabilities with a base score of 0.1 to 3.9

None: Vulnerabilities with a base score of 0.0

Critical Vulnerabilities

| CVE Number | Description | Base Score | Affected Product(s) |
| --- | --- | --- | --- |
| CVE-2020-3330 | The vulnerability exists because a system account has a default and static password. | 9.8 | RV110W Wireless-N VPN Firewall firmware releases earlier than Release 1.2.2.8 |
| CVE-2020-3323 | The vulnerability exists due to improper validation of user-supplied input in the web-based management interface. | 9.8 | RV110W Wireless-N VPN Firewall firmware releases earlier than Release 1.2.2.8; RV130 VPN Router firmware releases earlier than Release 1.0.3.54; RV130W Wireless-N Multifunction VPN Router firmware releases earlier than Release 1.0.3.54; RV215W Wireless-N VPN Router firmware releases earlier than Release 1.3.1.7 |
| CVE-2020-3144 | The vulnerability exists due to improper session management on affected devices. | 9.8 | RV110W Wireless-N VPN Firewall firmware releases earlier than Release 1.2.2.8; RV130 VPN Router firmware releases earlier than Release 1.0.3.55; RV130W Wireless-N Multifunction VPN Router firmware releases earlier than Release 1.0.3.55; RV215W Wireless-N VPN Router firmware releases earlier than Release 1.3.1.7 |
| CVE-2020-3331 | The vulnerability exists due to improper validation of user-supplied input data by the web-based management interface. | 9.8 | RV110W Wireless-N VPN Firewall releases earlier than Release 1.2.2.8; RV215W Wireless-N VPN Router releases earlier than Release 1.3.1.7 |
| CVE-2020-3140 | The vulnerability exists due to insufficient validation of user input on the web management interface. | 9.8 | Prime License Manager (PLM) Software releases 10.5(2)SU9 and earlier; Prime License Manager (PLM) Software releases 11.5(1)SU6 and earlier |

Users and system administrators of the affected products are advised to install the latest security updates immediately.

More information is available here:

https://tools.cisco.com/security/center/publicationListing.x

https://www.us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-pre-auth-flaws-allowing-router-takeover/