Researchers find security vulnerabilities in Cisco Router
Security researchers discovered a security vulnerability in a Cisco enterprise router model that could allow an attacker to take complete control of the router. The researchers reported the vulnerability to Cisco, which quickly confirmed it.
The first of the two vulnerabilities (CVE-2019-1652) could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The second flaw (CVE-2019-1653) could allow the attacker to retrieve sensitive information.
The next step was for Cisco to take the time to fix the issue and release new firmware. Cisco released a new firmware version to fix this vulnerability by the beginning of this year, but the researchers found that Cisco's fix could not completely prevent the attack. The researchers then reported the vulnerability to Cisco again, along with a proof of concept, received Cisco's confirmation, and waited for Cisco to release a new firmware fix.