Cisco fixes critical code execution bugs in SMB VPN routers

Cisco has addressed multiple pre-auth remote code execution (RCE) vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices.

The root user is the system's superuser on Unix operating systems, a special user account usually used only for system administration tasks.

The security bugs with a severity rating of  9.8/10 were found in the web-based management interface of Cisco small business routers.

"These vulnerabilities exist because HTTP requests are not properly validated," Cisco explains in an advisory published earlier today.

"An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device."

Security update available for all vulnerable routers

According to Cisco, the following Small Business Routers are vulnerable to attacks attempting to exploit these vulnerabilities if running a firmware version earlier than Release 1.0.01.02:

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with POE
  • RV260W Wireless-AC VPN Router

Cisco says that its Dual WAN Gigabit VPN Routers (including RV340, RV340W, RV345, and RV345P) are not affected.

The company has fixed the vulnerabilities in firmware releases 1.0.01.02 and later issued for all impacted routers.

To update your router to the latest release, you have to go to the Cisco Software Center and follow this procedure:

  1. Click Browse all.
  2. Choose Routers > Small Business Routers > Small Business RV Series Routers.
  3. Choose the appropriate router.
  4. Choose Small Business Router Firmware.
  5. Choose a release from the left pane of the product page.

No public exploits or active exploitation

Luckily, even if you cannot immediately patch vulnerable routers, the Cisco Product Security Incident Response Team (PSIRT) says that it isn't "aware of any public announcements or malicious use of the vulnerabilities."

The vulnerabilities were discovered and reported to Cisco by T. Shiomitsu, swings of Chaitin Security Research Lab, and simp1e of 1AQ Team.

Cisco today has also addressed high severity vulnerabilities impacting other business routers and the IOS XR software.

Last month, Cisco has also patched several pre-auth RCE vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.

Related Articles:

HPE Aruba Networking fixes four critical RCE flaws in ArubaOS

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Maximum severity Flowmon bug has a public exploit, patch now

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks