Cisco Shows no Intentions on Patching EOL Vulnerabilities

Cisco, an American Multinational Conglomerate stated this week it does not plan on fixing vulnerabilities in end-of-life (EOL) Cisco routers, more than 70 vulnerabilities were spotted in CISCO’s Small Business RV110W, RV130, RV130W, and routers. Despite these vulnerabilities, the company has no intentions to fix these patches.
The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 12 cores and 24 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED ... read more
(as of February 28, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
AMD's fastest 6 core processor for mainstream desktop, with 12 processing threads Can deliver elite 100+ FPS performance in the world's most popular games Bundled with the quiet, capable AMD Wraith Stealth cooler 4.6 GHz Max Boost, unlocked for overc... read more
(as of February 28, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
System ram type: DDR4_sdram
(as of February 28, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Cisco stated that these devices have reached end-of-life (EOL) hence there is no point in fixing the Cisco routers. The deadline regarding software maintenance releases and bug fixes was December 1, 2020. Cisco has released software updates to fix these vulnerabilities and said they are not mindful of threat actor exploits targeting the vulnerabilities.
CVE-2021-1144 recognized as a high severity bug (CVSS score of 8.8) in Connected Mobile Experiences (CMX) is the most valuable flaw which can be exploited by threat actors to alter the passwords for any user account on the system which includes administrator accounts as well. Threat actors can exploit the vulnerability by sending an altered HTTP request to a susceptible device.
CVE-2021-1237 (CVSS score of 7.8) is tracked as another high severity flow, it was detected in the AnyConnect Secure Mobility Client for Windows, influencing the Web Security Agent Components and the endpoint solution’s Network Access Manager. This vulnerability could be exploited by an authenticated and local threat actor for Dynamic Link Library (DLL) installation.
Cisco stated that “an attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges”.
Cisco issued 18 other recommendations explaining medium severity bugs in Proximity Desktop for Windows, ASR 5000 routers, Enterprise NFV Infrastructure Software (NFVIS), Webex, Finesse, Firepower Management Center (FMC), Video Surveillance 8000 IP Cameras, Unified Communications products, DNA Center, AnyConnect Secure Mobility Client, and CMX API authorizations.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.