Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network.
The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.
The networking giant has assigned the bug, tagged as CVE-2019-1663, with a severity score of 9.8 out of a possible 10 under the Common Vulnerability Scoring System (CVSS).
Cisco’s developers failed to ensure the web app properly checks data that users type into the routers’ management interface, which could give an attacker control of the operating system.
“The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device,” Cisco notes in its advisory.
“A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.”
Customers are exposed to a remote attack if they enabled the remote-management feature on the affected devices. The feature is disabled by default.
Admins can check whether a device has the remote-management feature enabled by opening the web interface and selecting Basic Settings > Remote Management.
Cisco did not say the bug has been exploited; however, knowledge of its existence has been floating around for six months. The company notes that Chinese security researchers revealed the bug at the GeekPwn Shanghai conference on October 24-25, 2018.
The researchers did not reveal technical details of the bug. A researcher at US firm Pen Test Partners also supplied details to Cisco.
The bug is fixed in software versions:
- 220.127.116.11 for RV110W Wireless-N VPN Firewall
- 18.104.22.168 for RV130W Wireless-N Multifunction VPN Router
- 22.214.171.124 for the RV215W Wireless-N VPN Router.