For the second time this year, Cisco has released a set of patches to fix Remote Code Execution (RCE) flaws in the same set of VPN router appliances.
A critical vulnerability resides in the web-based management interface of the devices and allows an attacker to execute arbitrary code and/or cause a denial of service (DoS) condition by constantly reloading the device.
An additional, high severity, vulnerability could be leveraged by an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of vulnerable devices.
Are my systems vulnerable?
Critically affected devices are the RV340, RV340W, RV345, and RV345P running a firmware release prior to version 1.0.03.22.
Devices affected by the high severity vulnerability are the RV160, RV160W, RV260, RV260P, and RV260W running firmware versions earlier than 1.0.01.04.
A number of popular vulnerability management systems have already updated their detection mechanisms to identify the vulnerabilities. At present, all of them require authentication onto the device in order to verify the version of the firmware in use. This method of vulnerability detection can be manually replicated by logging into the management interface and checking the reported firmware version.
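The manual check above (log in, read the firmware version, compare it with the fixed release for that model) is easy to get wrong at scale because firmware strings such as 1.0.03.22 must be compared numerically, not as text. The script below is an added example, not tooling from Cisco or from the vulnerability management vendors mentioned; it takes the model and fixed-version pairs stated in this advisory, compares a constructed inventory of hostname/model/version rows against them, and reports which devices still need the update.

```python
"""Triage a small-business router inventory against the fixed firmware
releases named in this advisory. Added example; the inventory rows below
are constructed, only the model/version thresholds come from the advisory."""
from typing import Dict, List, Optional, Tuple

# Fixed firmware release per model, as stated in the advisory.
FIXED_VERSIONS: Dict[str, str] = {
    "RV340": "1.0.03.22", "RV340W": "1.0.03.22",
    "RV345": "1.0.03.22", "RV345P": "1.0.03.22",
    "RV160": "1.0.01.04", "RV160W": "1.0.01.04",
    "RV260": "1.0.01.04", "RV260P": "1.0.01.04", "RV260W": "1.0.01.04",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.0.03.22' into (1, 0, 3, 22) so tuples compare numerically.
    A plain string comparison would rank '1.0.03.9' above '1.0.03.22'."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(model: str, version: str) -> Optional[bool]:
    """True if the firmware predates the fix, False if fixed or later,
    None if the model is not one covered by this advisory."""
    fixed = FIXED_VERSIONS.get(model.strip().upper())
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, model, version) rows into update / patched / not covered."""
    report: Dict[str, List[str]] = {"update": [], "patched": [], "not_covered": []}
    for hostname, model, version in inventory:
        state = is_vulnerable(model, version)
        if state is None:
            report["not_covered"].append(hostname)
        elif state:
            report["update"].append(hostname)
        else:
            report["patched"].append(hostname)
    return report


# Constructed sample inventory, as it might be exported from an asset register.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("rv340-branch1", "RV340", "1.0.03.20"),   # below 1.0.03.22: needs update
    ("rv345p-hq", "RV345P", "1.0.03.22"),      # at the fixed release
    ("rv160w-store", "RV160W", "1.0.01.03"),   # below 1.0.01.04: needs update
    ("rv260-lab", "RV260", "1.0.01.04"),       # at the fixed release
    ("edge-other", "ISR4331", "17.3.2"),       # not a model in this advisory
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:12s} {', '.join(hosts) or '-'}")
```

The version string fed to is_vulnerable still has to be read from each device by an authenticated login, exactly as the text describes; the script only removes the error-prone comparison step and flags models the advisory does not cover so they are not silently reported as safe.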
Containment, Mitigations & Remediations
Cisco has released software updates that address these vulnerabilities. Apply these updates as soon as possible, as there are no workarounds that address these vulnerabilities.
Indicators of Compromise
There are no IoCs available at this time.
Cisco states that there has been no evidence of active exploitation attempts in the wild.
References
The Hacker News
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities