Cisco fixes critical flaw in wireless VPN, firewall routers

Cisco has released security fixes for several models of wireless VPN firewalls and routers, plugging a remote code execution flaw (CVE-2019-1663) that can be triggered via a malicious HTTP request.

The vulnerability, which has an impact rating of 9.8 out of 10 on the Common Vulnerability Scoring System lets a potential attacker send malicious HTTP requests to a targeted device. A successful exploit could let the attacker execute arbitrary code on the underlying operating system of the affected device as a high-privilege user, Cisco stated.

"The vulnerability is reportedly due to improperly validated user input fields through the HTTP/HTTPS user management interface", said Ryan Seguin, engineer with Tenable, in a Wednesday analysis of the flaw. "Cisco has tagged this vulnerability with CWE-119, the designation for a buffer overflow. This means that a pre-authentication user input field on these devices can be manipulated into dropping code into the device's memory, which it then executes at the system level."

The patched software versions are: RV110W Wireless-N VPN Firewall version 1.2.2.1, RV130W Wireless-N Multifunction VPN Router version 1.0.3.45, and RV215W Wireless-N VPN Router version 1.3.1.1.

Read more -here-

• The US government is taking a 10 percent stake in Intel
• Google is selling a version of Gemini for government agencies
• PayPal breach exposed nearly 16M login credentials, hackers claim
• Apple is reportedly manufacturing all four iPhone 17 models in India
• AT&T customers could get thousands in $177M settlement
• US government is reportedly in discussions to take stake in Intel