CISCO Warns Small Business VPN Router Users Prone to Remote Root Level Attacks

Cisco is now sending warnings to users of small business VPN routers as critical remote code execution flaws appear. These vulnerabilities can easily allows remote attackers to access users at a root level. However, according to ZdNet, the company does not release patches anymore for the affected/ attacked devices that are at the end of their device life.

CISCO Warns Small Business VPN Router Users Prone to Remote Root Level Attacks
Screenshot Youtube Video by Iliya Gatsev

The company is currently advising users to upgrade to the latest firmware to fix flaws and to provide more security for their devices. The list of Small Business VPN routers that are included in these critical flaws include Cisco Small Business RV160, RV160W, RV260, RV260P, as well as the RV260W VPN.Such devices are currently in use as these were the same models that Cisco recommended to users to upgrade to in the previous months.

Web Management Interface Bugs Allow Root User to Execute Code and Gain Root Level Access

Apparently, the routers had several bugs that attackers can use through coding in order to gain root level access to the web management interface. The vulnerability of the device comes from its incapability to properly validate the HTTP requests. Consequently, attackers can easily craft their own HTTP requests in order to exploit the device. As of the moment Cisco is monitoring bugs in the security issue as CVE-2021-1289, CVE-2021-1290, and CVE-2021-1291.

The Hacker News reports that attackers could not only focus on web interface bugs and incapability to validate HTTP requests. They could also access via a directory traversal issue. Using this, attackers could access Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers even remotely.

According to a warning statement made by Cisco,"An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to a location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device."

Aside from being remotely exploitable, the bugs can also cause a service denial. This is yet another validation problem that will allow HTTP requests to access the device. However, an attacker would need to key in correct administrator essentials to exploit the vulnerability. These come as bugs CVE-2021-1319, CVE-2021-1320, and CVE-2021-1321.

Moreover, multiple command injection vulnerabilities are also sourced which have been identified as CVE-2021-1314, CVE-2021-1315, and CVE-2021-1316.

Cisco Advises to Upgrade to 1.0.01.02 Firmare or Later to Resolve Security Flaws

Cisco has revealed in a statement that users need to update to the latest firmware as those that are still running on a firmware earlier than 1.0.01.02 are the most prone to the attack. The latest version has just been released last January, and there's no other way around it.

The following devices with corresponding firmware will be vulnerable to attacks if not upgraded to the latest update:

RV016 Multi-WAN VPN Routers

4.2.3.14 and earlier

RV042 Dual WAN VPN Routers

4.2.3.14 and earlier

RV042G Dual Gigabit WAN VPN Routers

4.2.3.14 and earlier

RV082 Dual WAN VPN Routers

4.2.3.14 and earlier

RV320 Dual Gigabit WAN VPN Routers

1.5.1.11 and earlier

RV325 Dual Gigabit WAN VPN Routers

1.5.1.11 and earlier

This article is owned by Techtimes

Written by Nikki D

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics