Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to execute arbitrary code as root on vulnerable devices.
The flaws (CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, CVE-2021-1295) have received a CVSS score of 9.8/10.
The flaws reside in the web-based management interface of the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers.
“Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device,” reads the advisory published by Cisco.
“These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.”
The IT giant revealed that the vulnerabilities affect the following Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.01.02:
while the following devices are not affected:
Cisco has addressed the flaws with the release of firmware version 1.0.01.02 and later; the vendor added that there are no workarounds that address these vulnerabilities.
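Because the only remediation is the firmware upgrade, the practical question for a defender is which devices in an inventory still run a release earlier than 1.0.01.02 on one of the five affected models. The following Python helper is an added example, not code from the article or from Cisco: it parses the dotted release string, compares it against the fixed release, and triages a constructed CSV inventory (hostnames, firmware values and the `hostname,model,firmware` column layout are assumptions made for the example).

```python
import csv
import io
from typing import List, Tuple

# Models named in the Cisco advisory quoted above.
AFFECTED_MODELS = {"RV160", "RV160W", "RV260", "RV260P", "RV260W"}
# First release that carries the fix, per the advisory.
FIXED_RELEASE = "1.0.01.02"


def parse_release(version: str) -> Tuple[int, ...]:
    """Turn a dotted Cisco release string into a tuple of ints.

    '1.0.01.02' -> (1, 0, 1, 2). Leading zeros are not significant, so
    the string must be compared numerically, never lexically.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware release: {version!r}")
    return tuple(int(p) for p in parts)


def release_is_earlier(candidate: str, reference: str) -> bool:
    """True if candidate is an earlier release than reference.

    Shorter strings are padded with zeros so '1.0.1' == '1.0.1.0'.
    """
    a, b = parse_release(candidate), parse_release(reference)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def is_vulnerable(model: str, firmware: str) -> bool:
    """Affected model AND firmware earlier than the fixed release."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return False
    return release_is_earlier(firmware, FIXED_RELEASE)


def triage_inventory(csv_text: str) -> Tuple[List[str], List[str]]:
    """Split an inventory into hosts needing upgrade and hosts whose
    firmware string could not be parsed (those need a manual check).
    Expects columns hostname,model,firmware (assumed layout)."""
    needs_upgrade: List[str] = []
    unknown: List[str] = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            if is_vulnerable(row["model"], row["firmware"]):
                needs_upgrade.append(row["hostname"])
        except ValueError:
            unknown.append(row["hostname"])
    return needs_upgrade, unknown


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = """hostname,model,firmware
branch-rtr-01,RV160W,1.0.00.15
branch-rtr-02,RV260P,1.0.01.02
branch-rtr-03,RV260,1.0.01.03
branch-rtr-04,RV340,1.0.00.15
branch-rtr-05,RV160,n/a
"""

if __name__ == "__main__":
    upgrade, review = triage_inventory(SAMPLE_INVENTORY)
    print("needs upgrade:", upgrade)   # ['branch-rtr-01']
    print("needs manual review:", review)  # ['branch-rtr-05']
```

Note that a device such as `branch-rtr-04` on an RV340 is skipped by the model check before its version is parsed, so this helper says nothing about models outside the advisory; it only answers the narrow question the advisory poses.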
The good news is that the Cisco Product Security Incident Response Team (PSIRT) is not aware of attacks in the wild exploiting the above vulnerabilities.
The vulnerabilities were reported to Cisco by T. Shiomitsu from Trend Micro Zero Day, swings of Chaitin Security Research Lab, and simp1e of 1AQ Team.
Cisco has today also addressed high-severity vulnerabilities impacting other business routers and the IOS XR software.
Last month, Cisco also patched several pre-auth RCE vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.