The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Cisco fixes critical flaw in wireless VPN, firewall routers

2019-03-01 18:30 by
Tags: , , ,

 

Cisco has released security fixes for several models of wireless VPN firewalls and routers, plugging a remote code execution flaw (CVE-2019-1663) that can be triggered via a malicious HTTP request.

The vulnerability, which has an impact rating of 9.8 out of 10 on the Common Vulnerability Scoring System lets a potential attacker send malicious HTTP requests to a targeted device. A successful exploit could let the attacker execute arbitrary code on the underlying operating system of the affected device as a high-privilege user, Cisco stated.

"The vulnerability is reportedly due to improperly validated user input fields through the HTTP/HTTPS user management interface", said Ryan Seguin, engineer with Tenable, in a Wednesday analysis of the flaw. "Cisco has tagged this vulnerability with CWE-119, the designation for a buffer overflow. This means that a pre-authentication user input field on these devices can be manipulated into dropping code into the device's memory, which it then executes at the system level."

The patched software versions are: RV110W Wireless-N VPN Firewall version 1.2.2.1, RV130W Wireless-N Multifunction VPN Router version 1.0.3.45, and RV215W Wireless-N VPN Router version 1.3.1.1.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About