The Broadband Guide
SG
search advanced

Cisco fixes critical flaw in wireless VPN, firewall routers

2019-03-01 18:30 by
Tags: , , ,

 

Cisco has released security fixes for several models of wireless VPN firewalls and routers, plugging a remote code execution flaw (CVE-2019-1663) that can be triggered via a malicious HTTP request.

The vulnerability, which has an impact rating of 9.8 out of 10 on the Common Vulnerability Scoring System lets a potential attacker send malicious HTTP requests to a targeted device. A successful exploit could let the attacker execute arbitrary code on the underlying operating system of the affected device as a high-privilege user, Cisco stated.

"The vulnerability is reportedly due to improperly validated user input fields through the HTTP/HTTPS user management interface", said Ryan Seguin, engineer with Tenable, in a Wednesday analysis of the flaw. "Cisco has tagged this vulnerability with CWE-119, the designation for a buffer overflow. This means that a pre-authentication user input field on these devices can be manipulated into dropping code into the device's memory, which it then executes at the system level."

The patched software versions are: RV110W Wireless-N VPN Firewall version 1.2.2.1, RV130W Wireless-N Multifunction VPN Router version 1.0.3.45, and RV215W Wireless-N VPN Router version 1.3.1.1.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About