Cisco has released a new set of security patches for a variety of its products such as Small Business Routers, TelePresence Collaboration Endpoint, RoomOS, and others.
Cisco has announced many updates to fix a security vulnerability across the web-based management interface of Small Business RV016, RV042, RV042G, and RV082 routers, Web Security Appliances, TelePresence Collaboration Endpoint, and RoomOS Audio.
Don’t forget to apply the security updates
At the side of small business routers, the bug is tracked as CVE-2019-15271 and features a CVSS score of 8.8. The new patches will also fix the HTTP payloads’ lack of validation, leading to execute arbitrary commands. Vulnerable routers should update to firmware releases 22.214.171.124 and later or 1.5.1.05 and later to provide protection against an authenticated attacker.
Furthermore, these security updates fix several issues including testing certificates and keys, static certificates and keys, hardcoded password hashes, and vulnerabilities in third-party software components.
Vulnerability in Web Security Appliance
Cisco Web Security Appliances (WSA) have also a vulnerability in their web management interface.
The company explained the bug with the words:
A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.
TelePresence CE and RoomOS Audio
Cisco TelePresence Collaboration Endpoint and RoomOS Audio have a medium-risk level about eavesdropping vulnerability. It means to allow an attacker to access the microphone of an affected voice and video conferencing device to record audio without any notification.
For further information on the addressed vulnerabilities and the available patches can be found on Cisco’s support page.