Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers. The bugs are exploitable remotely without requiring authentication as part of low complexity attacks that don’t require user interaction. Remote management feature is disabled by default on all affected VPN router models. Similar router vulnerabilities have been targeted in the past by attackers in the wild by Chinese state-sponsored threat actors. The company has released software updates to address these vulnerabilities and says no workarounds are available to remove the attack vectors. To download the patched firmware from Cisco’s Software Center, you must click Browse All on Cisco.com and navigate to Downloads Home.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-high-severity-pre-auth-flaws-in-vpn-routers/