Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Cisco Products
Alerts

Critical Vulnerabilities in Cisco Products

4 August 2022

Cisco has released software updates to address critical vulnerabilities found in their products. 

The critical vulnerabilities are:

  • CVE-2022-20842 - A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual Wide Area Network (WAN) Gigabit Virtual Private Network (VPN) Routers could allow an unauthenticated, remote attacker to execute arbitrary code with administrator privileges or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition

  • CVE-2022-20827 - A vulnerability in the web filter database update feature of Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to perform a command injection and execute commands on the underlying operating system with root privileges

There are no workarounds to address both critical vulnerabilities. 

Administrators and users of affected products are advised to upgrade to the appropriate fixed software release immediately.

More information is available here:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR

Back to top