Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers. The flaws could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. Cisco also addressed 30 additional vulnerabilities (CVE-2021-1319) affecting the same set of products, that could allow an authenticated, remote attackers to execute code and even cause a denial-of-service condition. The company also noted there’s been no evidence of active exploitation attempts in the wild for any of these flaws.
Source: https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html