Cisco Fixes Critical Firewall, Router Hole

Friday, March 8, 2019 @ 01:03 PM gHale

Cisco released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system.

In all, one vulnerability was rated critical, 27 high, and 6 medium, according to the Cisco advisory.


The critical-rated vulnerability, which had a CVSS score of 9.8, is in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. It could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device.

A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user, Cisco said in its advisory.

Cisco released software updates that address this vulnerability. However, there are no workarounds.

The vulnerability affects all releases of the following Cisco products:
• RV110W Wireless-N VPN Firewall
• RV130W Wireless-N Multifunction VPN Router
• RV215W Wireless-N VPN Router

The web-based management interface of these devices is available through a local LAN connection or the remote management feature. By default, the remote management feature is disabled for these devices.

To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings > Remote Management. If the Enable box is checked, remote management is enabled for the device.

Cisco released free software updates that address the vulnerability.

Cisco fixed this vulnerability in the following releases:
• RV110W Wireless-N VPN Firewall: 1.2.2.1
• RV130W Wireless-N Multifunction VPN Router: 1.0.3.45
• RV215W Wireless-N VPN Router: 1.3.1.1
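
For administrators with several of these devices, the fixed releases and the remote management check above can be combined into a patch triage. The following is an added example, not code from Cisco or the article; the inventory format, host names and firmware strings are constructed, and the status labels are hypothetical.

```python
import csv
import io

# Fixed releases per model, as listed in the article above.
FIXED = {"RV110W": "1.2.2.1", "RV130W": "1.0.3.45", "RV215W": "1.3.1.1"}

# Constructed sample inventory (hypothetical hosts and firmware strings).
SAMPLE_INVENTORY = """host,model,firmware,remote_mgmt
branch-a,RV110W,1.2.1.7,no
branch-b,RV130W,1.0.3.9,yes
branch-c,RV215W,1.3.1.1,no
branch-d,RV130W,unknown,yes
lab-sw,SG300,1.4.0.88,no
"""

def parse_version(text):
    """Convert '1.0.3.45' to (1, 0, 3, 45) so fields compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(model, firmware, remote_mgmt):
    """Classify one device against the fixed release for its model."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "model-not-listed"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "version-unknown"  # needs a manual check; never assume patched
    if current >= parse_version(fixed):
        return "patched"
    # Remote management exposes the web interface beyond the local LAN.
    return "vulnerable-remote-mgmt" if remote_mgmt else "vulnerable-lan-only"

def triage(inventory_csv):
    """Return (host, status) pairs, most urgent first."""
    order = ["vulnerable-remote-mgmt", "version-unknown",
             "vulnerable-lan-only", "patched", "model-not-listed"]
    rows = csv.DictReader(io.StringIO(inventory_csv))
    results = [(r["host"], assess(r["model"], r["firmware"],
                r["remote_mgmt"].strip().lower() == "yes")) for r in rows]
    return sorted(results, key=lambda item: order.index(item[1]))

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 1.0.3.9 above 1.0.3.45 and report an unpatched RV130W as fixed.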


