Cisco released new security updates and patches 35 vulnerabilities that affected several Cisco Products in order to protect the customers from malicious hackers.
Among 35 vulnerabilities, Cisco marked 1 vulnerability as “critical”, 27 vulnerabilities as “High”, 6 vulnerabilities fixed under medium severity category and 1 vulnerability marked under “Informational” severity.
Critical Severity flaw is a Remote Command Execution Vulnerability CVE-2019-1663that affected Cisco RV110W, RV130W, and RV215W Routers Wireless-N VPN and Firewall management interface allows a remote attacker to execute arbitrary code on a vulnerable device.
Critical severity vulnerability affects all releases of the following Cisco products prior to those listed in Fixed Releases:
- RV110W Wireless-N VPN Firewall
- RV130W Wireless-N Multifunction VPN Router
- RV215W Wireless-N VPN Router
Remote attackers exploit this critical vulnerability by sending malicious HTTP requests to a targeted device and gained the complete control of the
affected device with high privilege.
In this Cisco security updates, 27 high severity vulnerabilities Cause some of the serious attacks including Arbitrary code execution, privilege escalation, Unauthorized Filesystem Access, Web service & LAN DDoS, command injection etc.
Medium severity vulnerabilities affected some of the enterprise Cisco products including Cisco Nexus 5600 and 6000 Series Switches,Cisco Enterprise Chat and Email, Cisco Nexus 9000 Series Fabric Switches.
Cisco NX-OS Software affected with several vulnerabilities and some of the vulnerabilities could allow an authenticated, local attacker to gain elevated privileges on an affected device.
to read the orginal article: