Critical Cisco Issues Make VPN Routers Vulnerable to RCE Attacks!

Vulnerabilities exist in Cisco’s RV160, RV160W, RV260, RV260P, & RV260W VPN routers for small businesses.

Cisco is launching fixes for critical problems in its line-up of small-business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to view or tamper with data, & perform other unauthorised actions on the routers.

The flaws exist in the web-based management interface of Cisco’s small-business range of VPN routers. That includes its RV160, RV160W, RV260, RV260P, & RV260W models.

Secure Connection

VPN routers have virtual private network functionality built directly into them. This means they have firmware that can handle VPN connections in order to establish a secure connection at the hardware level.

These specific router models, which vary in price from $150-250, are purpose-built for small & medium-sized businesses & are marketed as being ideal for remote offices.

“Cisco has released software updates that address these vulnerabilities,” according to Cisco on Wed. “There are no workarounds that address these vulnerabilities.”

This issue has been assigned 7 CVEs (CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, CVE-2021-1295). Cisco did not detail each CVE but did say that the CVEs have a base CVSS score of 9.8 out of 10 (making them critical in severity).

HTTP Request

These problems exist because HTTP requests are not properly validated in the management interface, said Cisco.

An attacker could exploit the vulnerabilities merely by sending a specially crafted HTTP request to the management interface of 1 of the affected router models. They would then be able to execute arbitrary code as the root user, Cisco commented.

Release 1.0.01.02

The flaws affect the small business routers running a firmware release earlier than Release 1.0.01.02 – a fix has been rolled out as part of this release. Cisco has outlined further instructions in its security advisory for how to apply the update.
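Since there are no workarounds, the practical check is whether any affected model in an inventory still runs a release earlier than 1.0.01.02. The following is an added example, not Cisco's tooling: the model list and fixed release come from this article, while the inventory rows, hostnames and function names are constructed for illustration.

```python
# Affected models and the fixed release are taken from the article text.
AFFECTED_MODELS = {"RV160", "RV160W", "RV260", "RV260P", "RV260W"}
FIXED_RELEASE = "1.0.01.02"

def parse_release(text):
    """Turn '1.0.01.02' into (1, 0, 1, 2) so zero-padded fields compare as numbers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware release: {text!r}")
    return tuple(int(p) for p in parts)

def needs_update(model, release):
    """True if the model is on the affected list and runs a release before the fix."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return False
    return parse_release(release) < parse_release(FIXED_RELEASE)

def audit(inventory):
    """Return (host, model, release, finding) for every device needing attention."""
    findings = []
    for host, model, release in inventory:
        try:
            if needs_update(model, release):
                findings.append((host, model, release, "update required"))
        except ValueError:
            # An affected model with an unreadable version must not pass silently.
            findings.append((host, model, release, "unknown release, check manually"))
    return findings

# Constructed sample inventory (hostnames and releases are made up).
SAMPLE_INVENTORY = [
    ("branch-gw-1", "RV260W", "1.0.00.17"),
    ("branch-gw-2", "RV160", "1.0.01.02"),
    ("branch-gw-3", "RV340", "1.0.00.01"),   # model not on the article's list
    ("lab-gw", "rv260p", "unknown"),
    ("shop-gw", "RV160W", "1.0.01.1"),       # a plain string compare would call this newer
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Comparing the release strings directly would sort "1.0.01.1" after "1.0.01.02" and miss that device; parsing each field as an integer avoids that.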

On Wed., Cisco also warned of 2 high-severity flaws (CVE-2021-1296 and CVE-2021-1297) across this same set of small-business VPN routers. The flaws could allow unauthenticated, remote attackers to launch directory traversal attacks & overwrite certain files that should be restricted on affected systems.

Directory Traversal Attacks 

Directory traversal attacks are usually launched against devices with insufficient security validation, in order to access files & directories that are stored outside the web root folder.

“These vulnerabilities are due to insufficient input validation,” said Cisco. “An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to.”
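The input validation that this class of upload flaw lacks can be shown with a generic upload handler. This is an added example and not Cisco's code: the upload directory, file names and function names are hypothetical, and it contrasts a destination built by joining the client-supplied name with one that is resolved and confined to the upload root.

```python
import os

UPLOAD_ROOT = "/var/www/uploads"  # hypothetical upload directory

def naive_upload_path(filename):
    """Insufficient validation: the client-supplied name is joined as-is."""
    return os.path.normpath(os.path.join(UPLOAD_ROOT, filename))

def safe_upload_path(filename):
    """Resolve the destination and refuse anything outside UPLOAD_ROOT."""
    if not filename or "\x00" in filename:
        raise ValueError("empty or malformed file name")
    root = os.path.realpath(UPLOAD_ROOT)
    # realpath collapses '..' segments and follows symlinks before the check.
    dest = os.path.realpath(os.path.join(root, filename))
    # commonpath compares whole path components, so a sibling directory such
    # as /var/www/uploads-old is not mistaken for being inside the root.
    if dest == root or os.path.commonpath([root, dest]) != root:
        raise ValueError(f"destination escapes upload root: {filename!r}")
    return dest

def is_accepted(filename):
    """Convenience wrapper: True if safe_upload_path would allow the name."""
    try:
        safe_upload_path(filename)
        return True
    except ValueError:
        return False

# Constructed sample names a handler might receive.
SAMPLE_NAMES = ["logo.png", "reports/q1.pdf", "../../../etc/app.conf",
                "/etc/app.conf", "../uploads-old/logo.png"]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(f"{name!r:32} naive -> {naive_upload_path(name):32} "
              f"accepted by safe check: {is_accepted(name)}")
```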

These flaws are also fixed by firmware Release 1.0.01.02; Cisco observed that it is unaware of any exploits in the wild for any of these flaws, the critical ones included.

High-Severity

Cisco on Wed. issued a raft of patches addressing high-severity vulnerabilities beyond its VPN small-business routers. 2 Cisco product families are affected by these issues.

One affected product is Cisco’s small business RV series routers – specifically, the RV016, RV042, RV042G, RV082, RV320, & RV325 models. Cisco warned of issues in these routers (tied to 30 CVEs) that could allow authenticated, remote attackers to execute arbitrary code or cause the devices to restart unexpectedly.

Improper Validation

The flaws, which stem from an improper validation of user-supplied input into the routers’ web-based interface, could be exploited by an attacker by sending crafted HTTP requests to affected devices.

“A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial-of-service (DoS) condition,” observed Cisco.

Another set of glitches (tied to 5 CVEs) could also give an attacker the ability to inject arbitrary commands on the routers that are executed with root privileges. However, an attacker would 1st need administrative credentials, making this attack more complex to carry out.

IOS XR Software

Finally, Cisco patched various high-severity flaws affecting its IOS XR software, a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS).

The most serious of these flaws could allow an unauthenticated, remote attacker to trigger a denial-of-service (DoS) condition on affected devices in order to cripple them.

Since the beginning of 2021, Cisco has patched various vulnerabilities across its products, including multiple, critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users, & a high-severity flaw in its smart Wi-Fi solution for retailers that could allow a remote attacker to alter the password of any account user on affected systems.
