1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cisco patches authentication, denial-of-service, NTP flaws in many products

Discussion in 'Network World' started by RSS, Jan 29, 2016.

  1. RSS

    RSS New Member Member

    Cisco Systems has released a new batch of security patches this week for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls.

    The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.

    Cisco has patched this vulnerability in the firmware version for RV220W devices. Manual workarounds include disabling the remote management functionality or restricting it to specific IP addresses.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page