Cisco SOHO VPN Firewalls Vulnerable To Remote Code Execution

Recently Cisco has released several security software updates for the Cisco RV wireless VPN firewalls and routers to plug up a remote code execution flaw (CVE-2019-1663) that can be exploited by malicious HTTP requests

 
The Vulnerable Products
This vulnerability affects all releases of the following Cisco products prior to those listed in Fixed Releases:
  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

“The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.”

Cisco did not mention if there was any available public code in the wild to be used to exploit the vulnerability. 

The flaw is quite serious with a CVSS Score of 9.8. The vulnerability  can only be exploited if the device’s web management interface is available through a local LAN connection or available on the Wan side. Cisco Urges users to update their devices as soon as possible.

Leave a Comment

− 1 = 2