MULTIPLE VULNERABILITIES IN CISCO VPN ROUTERS FOUND

A cybersecurity advisory was issued yesterday, Feb. 3, 2021, regarding multiple vulnerabilities in Cisco VPN Routers. The vulnerabilities could allow an attacker to execute arbitrary code, which could potentially lead to a breach.
 

What It Is:

Multiple vulnerabilities have been discovered in Cisco VPN Routers, the most severe of which could allow for arbitrary code execution as the root user of an affected device. These VPN routers are often used to connect hosts via the router hardware as opposed to individual installations on each device. 
 
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the root user of an affected device. An attacker could then view, change, or delete data and perform other unauthorized actions on the affected device.

Read the original Cisco Security Advisory.

Threat Intelligence:

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected:

  • RV160 VPN Router w/firmware prior to Release 1.0.01.02
  • RV160W Wireless-AC VPN Router w/firmware prior to Release 1.0.01.02
  • RV260 VPN Router w/firmware prior to Release 1.0.01.02
  • RV260P VPN Router with POE w/firmware prior to Release 1.0.01.02
  • RV260W Wireless-AC VPN Router w/firmware prior to Release 1.0.01.02
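
One way to check a device inventory against the list above, as an added example that is not part of the Cisco advisory or this post. The CSV layout, hostnames, sample firmware strings and function names are constructed assumptions; only the model names and the fixed release come from the list.

```python
import csv
import io

# Models and fixed release taken from the "Systems Affected" list above.
AFFECTED_MODELS = {"RV160", "RV160W", "RV260", "RV260P", "RV260W"}
FIXED_RELEASE = "1.0.01.02"

# Constructed sample inventory; the CSV layout is an assumption for this example.
SAMPLE_INVENTORY = """hostname,model,firmware
branch-gw-1,RV160,1.0.00.17
branch-gw-2,RV260W,1.0.01.02
lab-gw,rv260p,1.0.01.01
hq-gw,RV340,1.0.03.20
store-gw,RV160W,unknown
"""

def parse_release(text):
    """Turn '1.0.01.02' into (1, 0, 1, 2) so fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised release string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return 'not-listed', 'patched', 'vulnerable' or 'unknown-version'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    try:
        current = parse_release(firmware)
    except ValueError:
        return "unknown-version"  # version unreadable: needs manual review
    return "vulnerable" if current < parse_release(FIXED_RELEASE) else "patched"

def audit(inventory_csv):
    """Map each hostname in the CSV text to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: classify(row["model"], row["firmware"]) for row in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Release fields are compared as integers rather than strings, so a release such as 1.0.01.10 is correctly treated as newer than 1.0.01.02.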

Risk:

Government:

  • Large and medium government entities: Medium
  • Small government entities: High

Businesses:

  • Large and medium business entities: Medium
  • Small business entities: High

Home users: Low

What It Means:

If you and/or your business utilize the Cisco routers mentioned above, you will need to apply appropriate updates provided by Cisco to vulnerable systems immediately following proper testing.

Technical Summary:

Multiple vulnerabilities have been discovered in Cisco VPN Routers, the most severe of which could allow for arbitrary code execution as the root user of an affected device. The vulnerabilities exist due to improper validation of HTTP requests to the web-based management interfaces of the affected devices. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device.
 
Details of the CVEs have not been released yet, but their IDs are as follows:
  • CVE-2021-1289
  • CVE-2021-1290
  • CVE-2021-1291
  • CVE-2021-1292
  • CVE-2021-1293
  • CVE-2021-1294
  • CVE-2021-1295

What To Do:

We recommend the following actions be taken:
  • Apply appropriate updates provided by Cisco to vulnerable systems immediately after appropriate testing.
  • Block external access at the network boundary, unless external parties require service.
  • Apply the Principle of Least Privilege to all systems and services.
 

Negative Consequences of Lost or Stolen Data:

The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
  • Temporary or permanent loss of sensitive or proprietary information.
  • Disruption to regular operations.
  • Financial losses incurred to restore systems and files.
  • Potential harm to an organization’s reputation.
Should your agency or business need assistance with issues arising from vulnerabilities in Cisco routers including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.