Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Cisco Products
Alerts

Critical Vulnerabilities in Cisco Products

16 July 2020

Cisco has released patches to address 5 critical vulnerabilities found in their products.

These vulnerabilities are presented according to their Common Vulnerability Scoring System (CVSS) v3.0 base scores:

Critical vulnerabilities

Critical

Vulnerabilities with a base score of 9.0 to 10.0

High

Vulnerabilities with a base score of 7.0 to 8.9

Medium

Vulnerabilities with a base score of 4.0 to 6.9

Low

Vulnerabilities with a base score of 0.1 to 3.9

None

Vulnerabilities with a base score of 0.0

Critical vulnerabilities

CVE Number

Description

Base Score

Affected Product(s)

CVE-2020-3330

The vulnerability exists because a system account has a default and static password.

9.8

RV110W Wireless-N VPN Firewall firmware releases earlier than Release 1.2.2.8

CVE-2020-3323

The vulnerability exists due to improper validation of user-supplied input in the web-based management interface.

9.8

RV110W Wireless-N VPN Firewall firmware releases earlier than Release 1.2.2.8

RV130 VPN Router firmware releases earlier than Release 1.0.3.54

RV130W Wireless-N Multifunction VPN Router firmware releases earlier than Release 1.0.3.54

RV215W Wireless-N VPN Router firmware releases earlier than Release 1.3.1.7

CVE-2020-3144

The vulnerability exists due to improper session management on affected devices.

9.8

RV110W Wireless-N VPN Firewall firmware releases earlier than Release 1.2.2.8

RV130 VPN Router firmware releases earlier than Release 1.0.3.55

RV130W Wireless-N Multifunction VPN Router firmware releases earlier than Release 1.0.3.55

RV215W Wireless-N VPN Router firmware releases earlier than Release 1.3.1.7

CVE-2020-3331

The vulnerability exists due to improper validation of user-supplied input data by the web-based management interface.

9.8

RV110W Wireless-N VPN Firewall releases earlier than Release 1.2.2.8

RV215W Wireless-N VPN Router releases earlier than Release 1.3.1.7

CVE-2020-3140

The vulnerability exists due to insufficient validation of user input on the web management interface.

9.8

Prime License Manager (PLM) Software releases 10.5(2)SU9 and earlier

Prime License Manager (PLM) Software releases 11.5(1)SU6 and earlier

Users and system administrators of the affected products are advised to install the latest security updates immediately.

More information is available here:

https://tools.cisco.com/security/center/publicationListing.x

https://www.us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-pre-auth-flaws-allowing-router-takeover/

Back to top