Amid a week punctuated by high-profile critical security vulnerability disclosures from Microsoft and Oracle, Cisco Systems today released 31 security patches that include critical ones for some of its router products.
In a tweet today announcing the Cisco release, US-CERT recommended users to "Patch ASAP!"
The critical flaws included in the patch release are a static default credential vuln in Cisco's Small Business RV110W Wireless-N VPN Firewall; a remote command execution vuln in its Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface; an authentication bypass vuln in its RV110W, RV130, RV130W, and RV215W routers; an arbitrary code execution vuln in its RV110W and RV215W Series routers; and a privilege escalation vuln in the Cisco Prime License Manager.
"An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system," US-CERT wrote it its advisory.
Read Cisco's advisories here.