Kaspersky failing to update
A critical security vulnerability in Cisco Small Business Routers (RV110W, RV130, RV130W and RV215W models) allows remote code execution (RCE) and denial of service (DoS). The networking giant said that no patch or workaround will be coming for the bug, since the routers reached end-of-life back in 2019.

The bug (CVE-2021-34730) is one of six addressed by Cisco this week; it also issued an advisory for the critical BlackBerry QNX-2021-001 vulnerability unveiled earlier this week (CVE-2021-22156), which affects multiple vendors, well beyond Cisco.

The critical router issue, which carries a base CVSS score of 9.8 out of 10, affects the hardware’s Universal Plug-and-Play (UPnP) service, Cisco said. It could allow an unauthenticated attacker to achieve RCE or cause an affected device to restart unexpectedly.

“This vulnerability is due to improper validation of incoming UPnP traffic,” according to the advisory. “An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.”

The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers, which reached end-of-life in September of 2019. Affected companies should look to update their hardware to avoid compromise.

The other critical flaw addressed in the updates has to do with the BlackBerry QNX-2021-001 bug disclosed this week, which allows threat actors to take over or launch DoS attacks on devices and critical infrastructure. Essentially, the known group of BadAlloc bugs tied to BlackBerry’s embedded QNX operating system (OS) now affects older devices.

Cisco’s advisory simply states, “Cisco is investigating its product line to determine which products and services may be affected by this vulnerability.” So far, no products have been listed.