Cisco Will Not Release Software Updates for Critical Vulnerability in EOL VPN routers

7
Cisco Will Not Release Software Updates for Critical Vulnerability in EOL VPN routers

Cisco has announced that software updates for vulnerability in its Universal Plug-and-Play (UPnP) service in Cisco Small Business RV110W, RV130W, RV130, and RV215W Routers will not be released.

The flaw allows an unauthenticated remote attacker to run arbitrary code or force an affected device to restart unexpectedly, resulting in a denial of service (DoS) situation.

Cisco said in a statement, “This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.” 

To Read More: ZDnet 

For more such updates follow us on Google News ITsecuritywire News.