Cisco has issued a security alert warning businesses of a critical vulnerability in some of its web-based VPN and firewall routers that could allow remote attackers to commandeer an affected device as a high-privilege user.
The affected products include:
- RV110W Wireless-N VPN Firewall.
- RV130W Wireless-N Multifunction VPN Router.
- RV215W Wireless-N VPN Router.
Customers are vulnerable to a remote attack if they enabled the remote-management feature on the affected devices. The feature is disabled for these devices by default. To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings > Remote Management. If the Enable box is checked, remote management is enabled for the device.
Cisco Router Vulnerabilities and Software Fixes
There are no workarounds to address the vulnerability. Cisco has released software fixes and is urging businesses to install updates immediately. Users can install the updates and expect support for those products only if they’ve purchased the associated license.
“The vulnerability is due to improper validation of user-supplied data in the web-based management interface,” Cisco’s advisory reads. “An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.”
The networking giant has tagged the flaw as CVE-2019-1663. Under the Common Vulnerability Scoring System, the bug has been given a severity score of 9.8 out of a possible 10.
Cisco has known about the bug for about four months. Last October, security researchers at the GeekPwn Shanghai conference announced they had discovered the flaw but didn’t provide any technical details or identify the affected products.
Cisco didn’t say in its advisory if the bug had been exploited.