While Cisco released updates to fix three vulnerabilities in its products, the company says it will not be patching a VPN-hijacking vulnerability that affects four of its small business routers because they have reached End of Life (EoL). Cisco urges customers still using the older routers to upgrade; there are no workarounds for the vulnerability in the affected devices.
- It is very important to track the end of life/end of support of hardware and software you are using. Cisco at least still releases notices alerting users of new vulnerabilities. Other vendors may just go silent after their products reach end of support.
- If you’re using the RV100W, RV130, RV130W or RV215W router/firewalls, it’s time to forklift them out of there. Even if you’re not using the IPSec VPN network on these (and therefore not vulnerable to these issues), they are end-of-life and other security updates will not be forthcoming.
- The smaller the number of appliances that one manages, the less efficient it is to patch one. For small numbers of old devices, the cost of maintenance is likely to exceed the cost of replacement.