Cisco Patches Critical and High Severity Flaws in Its VPN Routers


Aug 5, 2021 | By Ashwitha Kallalike | 3 min read

Cisco is a well-known manufacturer of networking products and developer of software products. It recently addressed three vulnerabilities in its VPN routers: one critical and two high severity. The vulnerabilities are in the web-based management interface of Cisco Small Business VPN Routers. On the affected devices, this interface is available through local LAN connections by default and cannot be disabled. When the remote management feature is enabled, the interface is also reachable through WAN interfaces. Fortunately, remote management is disabled by default on all the affected devices, which reduces exposure to attack over WAN interfaces.

Critical vulnerability

CVE-2021-1609

This vulnerability exists due to improper validation of user input (HTTP requests) on the affected devices. An unauthenticated, remote attacker can send crafted HTTP requests to the web-based management interface of Cisco Small Business VPN Routers and, as a result, execute arbitrary code or cause the affected device to restart unexpectedly, leading to a denial of service condition. This critical severity vulnerability is assigned a CVSS score of 9.8. Cisco has fixed this issue in firmware releases 1.0.03.22 and later.

Affected products

  • RV340 Dual WAN Gigabit VPN Router
  • RV340W Dual WAN Gigabit Wireless-AC VPN Router
  • RV345 Dual WAN Gigabit VPN Router
  • RV345P Dual WAN Gigabit POE VPN Router

High severity vulnerabilities

CVE-2021-1610

This vulnerability is also caused by improper validation of HTTP requests to the web-based management interface of Cisco Small Business VPN Routers. An unauthenticated, remote attacker can send crafted HTTP requests to the affected devices, resulting in arbitrary command injection. The attacker could execute arbitrary commands with root-level privileges on the affected devices. This vulnerability is assigned a CVSS score of 7.2. Cisco has patched this issue in firmware releases 1.0.03.22 and later.

Affected products

  • RV340 Dual WAN Gigabit VPN Router
  • RV340W Dual WAN Gigabit Wireless-AC VPN Router
  • RV345 Dual WAN Gigabit VPN Router
  • RV345P Dual WAN Gigabit POE VPN Router

CVE-2021-1602

This vulnerability is the result of insufficient user input validation. An unauthenticated, remote attacker can send crafted requests to the web-based management interface of Cisco Small Business VPN Routers. Attackers can leverage this bug to execute arbitrary commands on the underlying operating system of an affected device with root privileges. This vulnerability is assigned a CVSS score of 8.2. Cisco has fixed this issue in firmware releases 1.0.01.04 and later.

Affected products

  • RV160 VPN Routers
  • RV160W Wireless-AC VPN Routers
  • RV260 VPN Routers
  • RV260P VPN Router with PoE
  • RV260W Wireless-AC VPN Routers

Impact

An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code or commands with root-level privileges, or cause the device to reload, resulting in a denial of service (DoS) condition.

Solution

We recommend users of these products install the necessary Cisco security updates mentioned in the respective advisories as soon as possible to stay protected.
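
A firmware audit that applies the fixed releases listed above to a device inventory (an added example, not code from Cisco or from the original post). The CSV columns, host names and the XR100 model are constructed for illustration; versions are compared field by field as integers, so 1.0.03.9 sorts below 1.0.03.22.

```python
# Added example: fleet triage against the fixed releases listed in this post.
# The inventory rows in SAMPLE are constructed data, not real devices.
import csv
import io

# model -> (first fixed firmware, CVEs), taken from the text above
FIXED = {}
for m in ("RV340", "RV340W", "RV345", "RV345P"):
    FIXED[m] = ("1.0.03.22", ["CVE-2021-1609", "CVE-2021-1610"])
for m in ("RV160", "RV160W", "RV260", "RV260P", "RV260W"):
    FIXED[m] = ("1.0.01.04", ["CVE-2021-1602"])

def vtuple(version):
    """'1.0.03.22' -> (1, 0, 3, 22) so fields compare numerically, not as text."""
    return tuple(int(part) for part in version.strip().split("."))

def triage(inventory_csv):
    """Return (host, status, cves, wan_exposed) for every inventory row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        # Remote management puts the web interface on the WAN side as well.
        wan = row["remote_mgmt"].strip().lower() == "enabled"
        if model not in FIXED:
            findings.append((row["host"], "not-listed", [], wan))
            continue
        fixed, cves = FIXED[model]
        try:
            vulnerable = vtuple(row["firmware"]) < vtuple(fixed)
        except ValueError:  # unreadable version: treat as needing manual review
            findings.append((row["host"], "unknown-version", cves, wan))
            continue
        findings.append((row["host"], "vulnerable" if vulnerable else "patched",
                         cves if vulnerable else [], wan))
    return findings

SAMPLE = """host,model,firmware,remote_mgmt
br-01,RV340,1.0.03.21,disabled
br-02,rv345p,1.0.03.22,enabled
br-03,RV260W,1.0.01.03,enabled
br-04,RV160,1.0.01.4,disabled
br-05,XR100,4.2.3.14,disabled
br-06,RV340W,unknown,disabled
"""

if __name__ == "__main__":
    for host, status, cves, wan in triage(SAMPLE):
        where = "LAN+WAN" if wan else "LAN only"
        print(f"{host}: {status} {','.join(cves)} (management reachable: {where})")
```

Devices reported as vulnerable with remote management enabled are the ones to patch first, since their management interface is reachable from the WAN.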
