Cisco warns massive 9.8/10-severity security hole
Lest we fall into a sense of false security given the lack of a high profile cyber attack in recent months, we have a new warning from Cisco over the need to patch a vulnerability in their hardware. A solid reminder that the demand drivers for our Safety & Security investing theme come in all shapes and sizes.
Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network.
The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.
The networking giant has assigned the bug, tagged as CVE-2019-1663, with a severity score of 9.8 out of a possible 10 under the Common Vulnerability Scoring System (CVSS).
Cisco’s developers failed to ensure the web app properly checks data that users type into the routers’ management interface, which could give an attacker control of the operating system.
Source: Cisco: Patch routers now against massive 9.8/10-severity security hole | ZDNet
