News

Information Disclosure Flaws Found in Cisco Small Business Routers

Cisco acknowledged vulnerabilities in two of its small business router products last week that could lead to information disclosures.

The vulnerabilities affect Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers, where an attacker could "download the router configuration or detailed diagnostic information," Cisco's Jan. 23 security advisory explained. These routers with firmware versions 1.4.2.15 and 1.4.2.17 installed have the vulnerabilities. Cisco has issued free firmware software updates for its affected customers.

The flaw goes by the common vulnerabilities and exposures number of CVE-2019-1653. Cisco ranked the vulnerabilities as potentially having a "High" impact on organizations, crediting RedTeam Pentesting GmbH for reporting the issue.

Vulnerabilities were detected in more than 9,000 of these routers, with most of the devices located in the United States, according to a blog post by Troy Mursch, a security researcher at the Web site "Bad Packets Report." Mursch recommended immediately applying Cisco's firmware updates, as well as "changing the device's admin and WiFi credentials."

The vulnerabilities can expose an administrator's credentials, but "the password is hashed," Mursch noted. However, the information exposed could be used in combination with a remote code execution attack (CVE-2019-1652) that was also discovered by RedTeam Pentesting.

"These routers can be exploited further using the leaked credentials (CVE-2019-1652) resulting in remote code execution detailed in the proof-of-concept published by David Davidson (0x27)," Mursch explained.

Attackers need valid credentials on the routers, though, to exploit CVE-2019-1652.

"The vulnerability [CVE-2019-1652] allows attackers with administrative access to the router's web interface to execute arbitrary operating system commands on the device," RedTeam Pentesting explained in a Seclists.org post. "Because attackers require valid credentials to the web interface, this vulnerability is only rated as a medium risk."

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Featured

  • Azure Cost Management Now Commercially Available for Some Tenancies

    Microsoft on Monday announced that its Azure Cost Management feature had reached the "general availability" release stage for both Azure "pay-as-you-go" customers and Azure Government tenancies.

  • Microsoft Bringing Files Restore Capability to SharePoint Online and Teams

    Microsoft on Monday announced that it's delivering its Files Restore feature for SharePoint Online and Microsoft Teams to Office 365 tenancies as early as this month.

  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.