On Wednesday, Cisco Systems released 20 security updates, specifically by fixing a critical vulnerability in two router products that could result in remote code execution or a denial of service condition.
Referred to as CVE-2018-0125, the critical error is found in the Cisco RVS2 VPN2 + Wireless-N VPN Router Web Interface and the VDSL2 RV134W VPN-AC Wireless Routers. Firmware version 1.0.1.11 fixes this vulnerability.
The error comes from "incomplete validation of entries at the user-controlled entry in an HTTP request to the target device", warns Cisco in a warning, and "could allow an unauthenticated remote attacker to execute arbitrary code and take full control of an affected system. ", including issuing commands with root privileges. In addition, attackers can also trigger the aforementioned (DoS) condition by causing an affected system to reboot.
Cisco has also released patches for three high-severity and 15 medium-severity failures, while updating a warning for a critical vulnerability detected in its adaptive security appliance.
