Cisco releases patches to fix Critical Vulnerabilities in Small Business VPN Routers

Overview

For the second time this year, Cisco have released a set of patches to fix Remote Code Execution (RCE) flaws in the same set of VPN router appliances.

Impact

A critical vulnerability resides in the web-based management interface of the devices and allows an attacker to execute arbitrary code and/or cause a denial of service (DoS) condition by constantly reloading the device.

An additional high-severity vulnerability could be leveraged by an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of vulnerable devices.

Are my systems vulnerable?

Critically affected devices: RV340, RV340W, RV345, and RV345P running a firmware release prior to version 1.0.03.22.
Devices affected by the high severity vulnerabilities: RV160, RV160W, RV260, RV260P, and RV260W running firmware versions earlier than 1.0.01.04.

Vulnerability Detection

A number of popular vulnerability management systems have already updated their detection mechanisms to identify the vulnerabilities. At present, all of them require authentication to the device in order to verify the version of the firmware in use. This method of vulnerability detection can be replicated manually by logging into the management interface and checking the reported firmware version.
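
Once firmware versions have been collected, the comparison against the fixed releases can be scripted. The following is an added example, not part of the original bulletin or any Cisco tooling: it assumes an inventory exported as CSV with host, model and firmware columns (the column names, function names and sample rows are constructed for illustration) and uses the model lists and fixed versions given above.

```python
import csv
import io

# Fixed firmware releases per model, taken from the bulletin above.
FIXED = {
    **dict.fromkeys(["RV340", "RV340W", "RV345", "RV345P"], ("critical", "1.0.03.22")),
    **dict.fromkeys(["RV160", "RV160W", "RV260", "RV260P", "RV260W"], ("high", "1.0.01.04")),
}

def parse_version(text):
    """Turn '1.0.03.22' into (1, 0, 3, 22) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(model, firmware):
    """Return (status, severity) for one device."""
    entry = FIXED.get(model.strip().upper())
    if entry is None:
        return ("not-in-scope", None)      # model not listed in this bulletin
    severity, fixed = entry
    try:
        running = parse_version(firmware)
    except ValueError:
        return ("check-manually", severity)  # never guess on unparseable input
    if running < parse_version(fixed):
        return ("vulnerable", severity)
    return ("patched", severity)

def triage(inventory_csv):
    """Assess every row of a CSV with columns: host, model, firmware."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: assess(r["model"], r["firmware"]) for r in rows}

# Constructed sample inventory (hostnames and running versions are made up).
SAMPLE = """host,model,firmware
branch-a,RV340,1.0.03.21
branch-b,rv345p,1.0.03.22
branch-c,RV260W,1.0.00.17
branch-d,RV160,1.0.01.04
branch-e,RV260,unknown
branch-f,RV042,4.2.3.14
"""

if __name__ == "__main__":
    for host, (status, severity) in triage(SAMPLE).items():
        print(f"{host:10} {status:15} {severity or '-'}")
```

Devices reported as check-manually have a listed model but a firmware string that could not be parsed, so their version should be confirmed in the management interface.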

Containment, Mitigations & Remediations

Cisco has released software updates that address these vulnerabilities. It is best to apply these updates as soon as possible as there are no workarounds that address this vulnerability.

Indicators of Compromise

There are no IoCs available at this time.

Threat Landscape

Cisco states that there has been no evidence of active exploitation attempts in the wild.

Further Information

The Hacker News
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities