Cisco: Patch routers now against massive security hole.
The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.
The networking giant has assigned the bug, tagged as CVE-2019-1663, with a severity score of 9.8 out of a possible 10 under the Common Vulnerability Scoring System (CVSS).
Ciscos developers failed to ensure the web app properly checks data that users type into the routers management interface, which could give an attacker control of the operating system.
The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device, Cisco notes in its advisory.
A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.
Customers are exposed to a remote attack if they enabled the remote-management feature on the affected devices. The feature is disabled by default.
Admins can check whether a device has the remote-management feature enabled by opening the web interface and selecting Basic Settings > Remote Management.
Cisco did not say the bug has been exploited, however knowledge of its existence has been floating around for six months. The company notes that Chinese security researchers revealed the bug at the GeekPwn Shanghai conference on October 24-25, 2018.
The researchers did not reveal technical details of the bug. A researcher at US firm Pen Test Partners also supplied details to Cisco.
The bug is fixed in software versions 184.108.40.206 for RV110W Wireless-N VPN Firewall, 220.127.116.11 for RV130W Wireless-N Multifunction VPN Router, and 18.104.22.168 for the RV215W Wireless-N VPN Router.
Cisco is also investigating which of its products are affected by a serious container bug in runc, the runtime used by Docker and Kubernetes. The bug could allow an attacker to infect a container with malware that compromises the host system.
It has yet to confirm whether any products are vulnerable, but notes in an updated advisory that it is probing Cisco IOS XE, Cisco UCS B-Series M3 Blade Servers, and Cisco Smart Software Manager Satellite. It is also updating a list of software that it has confirmed is not vulnerable to the container flaw.
And if you have ever needed to install Ciscos Webex Meetings Desktop App to attend a conference call, it might be worth checking whether it is still installed. If it is, Cisco recommends updating as soon as possible.
As a vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user, Cisco explained.