Fri. Aug 7th, 2020

Alert: Multi critical security vulnerability in Cisco routers

3 min read
Recently, Cisco issued a security update notice for a variety of products, which resolved 5 critical vulnerabilities with a score of 9.8 (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144, CVE- 2020-3333, CVE-2020-3140).
Cisco VPN

Vulnerability Details

CVE-2020-3330: Cisco Small Business RV110W Wireless-N VPN Firewall static default credentials vulnerability

CVE-2020-3330, which exists in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers, allows unauthenticated remote attackers to fully control devices with high-privilege accounts.
Affected version
  • Cisco Small Business RV110W Wireless-N VPN Firewall Firmware version <1.2.2.8

Unaffected version

  • Cisco Small Business RV110W Wireless-N VPN Firewall Firmware version >= 1.2.2.8

Solution

Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.

CVE-2020-3323: Cisco Small Business RV110W, RV130, RV130W, RV215W router management interface remote command execution vulnerability

CVE-2020-3323 exists in the web management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. This would allow an unauthenticated remote attacker to execute arbitrary code on the affected device.

The vulnerability is caused by incorrectly validating user input on the Web management interface. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target device. Successful exploitation may allow an attacker to execute arbitrary code on the affected device’s system as the root user.

Affected version

  • RV110W Wireless-N VPN Firewall < 1.2.2.8
  • RV130 VPN Router < 1.0.3.54
  • RV130W Wireless-N Multifunctional VPN Router < 1.0.3.54
  • RV215W Wireless-N VPN Router < 1.3.1.7

Unaffected version

  • RV110W Wireless-N VPN Firewall >= 1.2.2.8
  • RV130 VPN Router >= 1.0.3.54
  • RV130W Wireless-N Multifunctional VPN Router >= 1.0.3.54
  • RV215W Wireless-N VPN Router >= 1.3.1.7

Solution

Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.

CVE-2020-3144: Cisco RV110W, RV130, RV130W, RV215W Router Authentication Bypass Vulnerability

CVE-2020-3144 exists in the web management interface of the Cisco RV110W Wireless-N VPN firewall, RV130 VPN router, RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN router. This may allow unauthenticated remote attackers to bypass authentication and execute arbitrary commands on the affected device.

Affected version

  • RV110W Wireless-N VPN Firewall < 1.2.2.8
  • RV130 VPN Router < 1.0.3.55
  • RV130W Wireless-N Multifunctional VPN Router < 1.0.3.55
  • RV215W Wireless-N VPN Router < 1.3.1.7

Unaffected version

  • RV110W Wireless-N VPN Firewall >= 1.2.2.8
  • RV130 VPN Router >= 1.0.3.55
  • RV130W Wireless-N Multifunctional VPN Router >= 1.0.3.55
  • RV215W Wireless-N VPN Router >= 1.3.1.7

Solution

Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.

CVE-2020-3331: Cisco RV110W and RV215W series routers arbitrary code execution vulnerability

The Cisco RV110W Wireless-N VPN firewall and the Cisco RV215W Wireless-N VPN router have a vulnerability (CVE-2020-3331) in the web management interface. This may allow unauthenticated remote attackers to execute arbitrary code on the affected device.
The vulnerability is caused by incorrectly validating user input on the Web management interface. An attacker can exploit this vulnerability by sending a well-designed request to the target device. Successful exploitation may allow an attacker to execute arbitrary code on the affected device’s system as the root user.

Affected version

  • RV110W Wireless-N VPN Firewall < 1.2.2.8
  • RV215 VPN Router < 1.3.1.7

Unaffected version

  • RV110W Wireless-N VPN Firewall >= 1.2.2.8
  • RV215 VPN Router >= 1.3.1.7

Solution

Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.

CVE-2020-3140: Cisco Prime License Manager privilege escalation vulnerability

CVE-2020-3140 in the web management interface of Cisco Prime License Manager (PLM) software could allow unauthenticated remote attackers to gain unauthorized access to the affected devices.

The vulnerability is caused by insufficient validation of user input on the Web management interface. An attacker can exploit this vulnerability by sending malicious requests to the affected system.
Successful exploitation can enable an attacker to gain administrative privileges in the system. However, an attacker needs a valid username to exploit this vulnerability.

Affected version

  • Cisco PLM < 10.5(2)SU9
  • Cisco PLM < 11.5(1)SU6

Unaffected version

  • Cisco PLM >= 10.5(2)SU9
  • Cisco PLM >= 11.5(1)SU6

Solution

Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.