- Cisco vpn client 5 and small business routers Patch#
- Cisco vpn client 5 and small business routers software#
- Cisco vpn client 5 and small business routers code#
SolutionĬisco says that firmware version 1.0.03.22 and later fixes these vulnerabilities in the affected versions of its Small Business VPN Routers. Proof of conceptĪt the time this blog post was published, there were no proofs-of-concept (PoC) available for either CVE-2021-1609 or CVE-2021-1610.
Cisco vpn client 5 and small business routers Patch#
Because of this historical precedent, we believe it is important that organizations patch these latest vulnerabilities as soon as possible. A few days after the advisories were published, proof-of-concept exploit scripts for these flaws were published, which was followed by active scanning for vulnerable devices. In January 2019, Cisco published advisories for two different vulnerabilities in its RV320 and RV325 WAN VPN routers. The table below lists the publicly accessible devices. Example of a remotely accessible Small Business VPN Router login pageĭespite the remote management feature being disabled by default, Tenable’s Security Response Team found over 8,800 devices publicly accessible according to BinaryEdge. However, Cisco notes that remote management of these devices is disabled by default.
Cisco vpn client 5 and small business routers code#
Under this default configuration, a local attacker could potentially gain arbitrary code execution. Web management interface default exposure is limitedĬisco’s advisory clarifies that the web management interface for its small business VPN routers is available by default through local area network connections and can’t be disabled.
Cisco vpn client 5 and small business routers software#
Successful exploitation would grant an attacker the ability to gain arbitrary command execution on the vulnerable device’s operating system.Ĭisco is careful to note that both of these vulnerabilities can be exploited independently of each other, and that some versions of the Small Business VPN Router software may only be affected by one of the two vulnerabilities. While both flaws exist due to improper validation of HTTP requests and can be exploited by sending specially crafted HTTP requests, CVE-2021-1610 can only be exploited by an authenticated attacker with root privileges. A remote, unauthenticated attacker could exploit the vulnerability by sending a specially crafted HTTP request to a vulnerable device, resulting in arbitrary code execution as well as the ability to reload the device, resulting in a denial of service.ĬVE-2021-1610 is a high-rated command injection vulnerability in the same web management interface. According to Cisco, the flaw exists due to improper validation of HTTP requests. RV340W Dual WAN Gigabit Wireless-AC VPN RouterĬVE-2021-1609 is a critical-rated vulnerability in Cisco’s web management interface for Cisco Small Business routers that was assigned a CVSSv3 score of 9.8.
The table below lists which routers in the Small Business line are vulnerable: Cisco Small Business Router Model
Web Management Command Injection Vulnerability Web Management Remote Code Execution and Denial of Service Vulnerability On August 4, Cisco released several security advisories, including an advisory for two vulnerabilities in a subset of its line of Small Business VPN Routers. Cisco releases patches for Critical vulnerabilities in its line of Small Business VPN Routers.
0 kommentar(er)
