[BreachExchange] Cisco Patches Critical Vulnerability in Small Business VPN Routers

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Aug 5 11:27:25 EDT 2021


https://www.securityweek.com/cisco-patches-critical-vulnerability-small-business-vpn-routers

Cisco on Wednesday announced the release of patches for a critical
vulnerability in small business VPN routers that could allow
unauthenticated attackers to execute arbitrary code on affected devices.

Tracked as CVE-2021-1609 (CVSS score 9.8), the issue was discovered in the
web interface of RV340, RV340W, RV345, and RV345P routers and exists
because HTTP requests are not properly validated.

To exploit the bug, a remote, unauthenticated attacker has to send
specially crafted HTTP requests to an affected device, which could allow
them to execute arbitrary code or cause a denial of service (DoS) condition.

“[T]he web management interface is locally accessible by default and cannot
be disabled, but is not enabled for remote management by default. However,
based on queries via BinaryEdge, we’ve confirmed there are at least 8,850
remotely accessible devices,” Satnam Narang, staff research engineer at
Tenable, commented.

CVE-2021-1610, a second vulnerability addressed in the same devices, could
result in an attacker executing arbitrary commands as root. While
exploitation is similar to the critical vulnerability, authentication is
required for a successful attack, which lowers the bug’s severity rating to
high.

The two vulnerabilities can be exploited independently of one another,
Cisco says. The company has released patches for both issues and says that
it’s not aware of any malicious attacks exploiting them.

“Organizations that use these Cisco Small Business VPN routers and have
exposed their management interface externally can address these flaws by
patching their devices. If patching is not feasible at this time, disabling
the remote management option on these devices will mitigate the flaws until
patches can be applied,” Narang said.

On Wednesday, Cisco released patches for a series of other high-severity
vulnerabilities as well, including a remote command execution issue in
RV160, RV160W, RV260, RV260P, and RV260W VPN routers, a DLL injection bug
in Packet Tracer for Windows, a command injection flaw in Network Services
Orchestrator, and a privilege escalation issue in ConfD.