Cisco patches authentication, denial-of-service, NTP flaws in many products
Cisco Systems has released a new batch of security patches this week for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls.
The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall’s Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.
Cisco has patched this vulnerability in the 18.104.22.168 firmware version for RV220W devices. Manual workarounds include disabling the remote management functionality or restricting it to specific IP addresses.