CVE-2019-1663: Critical Flaw in Cisco Wireless VPN and Firewall Routers
NEWS

CVE-2019-1663: Critical Flaw in Cisco Wireless VPN and Firewall Routers

A new critical flaw, CVE-2019-1663, residing in Cisco wireless VPN and firewall routers was just reported. Businesses should update immediately to protect against the flaw.




More specifically, CVE-2019-1663 is a serious vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. The exploit could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

According to the official advisory, the vulnerability is triggered by improper validation of user-supplied data in the web-based management interface.

The flaw could be exploited if an attacker sends malicious HTTP requests to a targeted device. As a result of this, the attacker could be able to execute arbitrary code as a high-privilege user.

With that in mind, customers with enabled remote-management feature, a feature which is typically disabled by default, are exposed to a remote attack.

Related:
Cisco Small Business Switches are vulnerable to a remote attack, based on CVE-2018-15439, where commands with admin privileges can be executed.
CVE-2018-15439: Cisco Small Business Switches Vulnerable

Cisco Products Affected by CVE-2019-1663

The vulnerability affects all releases of the following Cisco products:

RV110W Wireless-N VPN Firewall
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router

The vulnerability has been fixed in RV110W Wireless-N VPN Firewall: 1.2.2.1, RV130W Wireless-N Multifunction VPN Router: 1.0.3.45, and RV215W Wireless-N VPN Router: 1.3.1.1.

To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings and then Remote Management. If the Enable box is checked, remote management is enabled for the device, Cisco explains.

It’s not known whether the flaw was exploited in the wild. What is known is that Chinese security researchers revealed the bug during the GeekPwn Shanghai conference which took place in October, 2018. No workarounds are available for this vulnerability.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...