Many of the "critical" or "high" vulnerabilities were fixed 4-5 years ago, but attackers continue to use them against organizations that have not applied the patches.
Cisco warned last week that hackers are exploiting more than 20 old vulnerabilities in Cisco IOS Software, NX-OS and HyperFlex.
"In March 2022, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempts to exploit these vulnerabilities in the wild. We continue to strongly encourage customers to install updated versions of the software as soon as possible," the warning reads.
In five updated advisories, Cisco detailed five critical vulnerabilities (allowing arbitrary code execution, command execution, or DoS attacks) and gave advice on how to fix them.
These are the security holes that received a score of 9.8 out of 10 on the CVSS scale:
CVE-2017-12240;
CVE-2018-0171;
CVE-2018-0125;
CVE-2021-1497;
CVE-2018-0147.
These vulnerabilities affect Cisco IOS and IOS XE, RV132W and RV134W routers, HyperFlex HX, and Secure Access Control System (ACS).
Cisco also updated 15 advisories addressing minor bugs in Cisco IOS and IOS XE and one advisory addressing an RCE vulnerability in the RV Series Small Business Routers.