Cisco warns security patch didn’t fix security problem

By on
Cisco warns security patch didn’t fix security problem

Cisco has warned that a patch issued in January 2019 for some of its VPN routers didn’t work.

The company’s January 23rd advisory warned of “A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers” that “ could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.”

“A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root,” the advisory added.

Which is bad. So Cisco tried to fix it up.

We say “tried” because on March 27th Cisco added a note to the original advisory that said “The initial fix for this vulnerability was found to be incomplete. Cisco is currently working on a complete fix. This document will be updated once fixed code becomes available.”

"Firmware updates that address this vulnerability are not currently available. There are no workarounds that address this vulnerability."

Which is bad. Because lots of users out there will think they’ve already fixed the problem with this product.

CRN will update this story once Cisco issues a fix that works. The company's not said when it expects that fix to arrive.

 

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © nextmedia Pty Ltd. All rights reserved.
Tags:
cisco fail networking router security vpn

Partner Content

Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report

Log in

Email:
Password:
  |  Forgot your password?