Last week, Cisco disclosed 15 vulnerabilities in Cisco routers, including five with “critical” severity ratings.
The vulnerabilities, which affect the Cisco Small Business RV160, RV260, RV340, and RV345 series VPN routers could allow an attacker to execute arbitrary code, elevate privileges, bypass authentication and authorization protections, install and run unsigned software and cause denial of service.
There are no workarounds that address these vulnerabilities, Cisco said, but software updates have already been released.
That doesn’t mean that companies will immediately install updates. Cybercriminals have found massive success exploiting vulnerabilities just like this, months or years after they’d been disclosed and patches released, said Satnam Narang, senior research engineer at Tenable Network Security.