Cisco is urging customers to update their wireless VPN and firewall routers, after patching a critical vulnerability that could allow unauthenticated, remote attackers to execute arbitrary code.
The vulnerability, CVE-2019-1663, has a CVSS score of 9.8 and impacts the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. These small business routers are used for wireless connectivity in small offices and home offices.
“A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user,” said Cisco is its Wednesday advisory.
Specifically, the vulnerability exists in the web-based management interface for the three router models. The management interface for these devices is available through a local LAN connection or the remote management feature.
The glitch stems from the interface, which does not properly double check the user-supplied data sent to it. So an attacker could send malicious HTTP requests to the impacted targeted devices, and ultimately execute code on them. Making matters worse, the attacker could be unauthenticated and remote.
“The vulnerability is reportedly due to improperly validated user input fields through the HTTP/HTTPS user management interface, said Ryan Seguin, engineer with Tenable, in a Wednesday analysis of the flaw. “Cisco has tagged this vulnerability with CWE-119, the designation for a buffer overflow. This means that a pre-authentication user input field on these devices can be manipulated into dropping code into the device’s memory, which it then executes at the system level.”
Routers with the remote-management feature enabled are exposed to a remote attack, Cisco said. The feature is disabled by default, but administrators can check if remote management is enabled by selecting Basic Settings>Remote Management in their router’s web interface.
While Cisco did not detail whether the vulnerability was being exploited in the wild, the tech giant released firmware updates for the affected devices that address it.
The patched software versions are: RV110W Wireless-N VPN Firewall version 220.127.116.11, RV130W Wireless-N Multifunction VPN Router version 18.104.22.168, and RV215W Wireless-N VPN Router version 22.214.171.124.
The vulnerability was discovered by security researchers Yu Zhang and Haoliang Lu, and T. Shiomitsu of Pen Test Partners.
Cisco routers with vulnerabilities – even those with patches issued for them – are frequently targeted by attackers. In January, malicious scanning activity targeting Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers with just-patched vulnerabilities was discovered. And in November, attackers actively exploited a zero-day vulnerability (CVE-2018-15454) in certain Cisco security products, to cause a denial-of-service (DoS) condition.