Gradient Cyber Q1 2022 Update
Mar 24, 2022
Today we look back at our “Top Projects from 2021” and “Look Ahead to 2022”.
2021 was a challenging year for many, but we are thankful to have kept our focus and made progress in so many key areas of our business jointly with our customers’ help and input.
RCE Vulnerability found in Cisco Small Business RV Series routers
Mar 22, 2022
On April 7th, Cisco released a security advisory announcing the discovery of a vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers that could allow for an unauthenticated, remote attacker to execute arbitrary and potentially malicious code on affected devices.
This vulnerability is being caused by improper validation of user-supplied input in the web-based management interface. A malicious threat actor could exploit this vulnerability by sending specially designed HTTP requests to a targeted device. A successful exploit would allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.
At this time, Cisco has not released software updates that will address this vulnerability. There are also no known workarounds that address this vulnerability.
Critical Vulnerabilities in Cisco SD-WAN vManage Software
Jan 10, 2022
On April 7th, Cisco confirmed the existence of multiple vulnerabilities in the Cisco SD-WAN vManage Software that can allow for an unauthenticated, remote attacker to execute arbitrary and potentially malicious code or allow a locally authenticated user to gain escalated privileges on affected systems.
For more information about the full scope of these vulnerabilities, refer to the official Cisco security advisory.
Cisco has released software updates that address and mitigate these vulnerabilities.
