Cisco Security Updates Fail In Small Business Routers RV320/RV325 - Insight Trending

Cisco Security Updates Fail In Small Business Routers RV320/RV325

Share This
Cisco Security Updates Fail In Small Business Routers RV320/RV325
Cisco Small Business RV320 and RV325 WAN VPN routers are still vulnerable to attack through two critical vulnerabilities that Cisco had supposedly patched.First flagged months ago have yet to receive adequate fixes despite regular rounds of patching.

Security flaws impacted Cisco RV320 and RV325 WAN VPN routers,the two models which popular with internet service providers.The two were:

CVE-2019-1652 - allows a remote attacker to inject and run admin commands on the device without a password.
CVE-2019-1653 - allows a remote attacker to get sensitive device configuration details without a password.

In its Cisco security advisories page, company said that it still does not have a fix but it is working on it.The vulnerability allowed an "unauthenticated, remote attacker to retrieve sensitive information" and it is due to access controls for URLs.

"An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs," it explained. "A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information."

The company also said that there are no current firmware updates that address the issue or any workarounds. A fix to this vulnerability is expected to be available by mid-April.

The attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device.

"A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root."You can check all updates here.

No comments:

Post a Comment

Recommended

Post Bottom Ad