Threat Intelligence Report- Cisco RV320 and RV325 Vulnerabilities

Summary

A series of high & medium severity vulnerabilities have been discovered on Cisco small business RV320 and RV325 routers.

Detail

Cisco vulnerability on Small Business RV320 and RV325 Routers

This issue was first seen in January 23 where a vulnerability was found in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers that could allow an unauthenticated, remote attacker to retrieve sensitive information.

The previously patched vulnerabilities, CVE-2019-1652 and CVE-2019-1653, were improperly patched. If it is exploited a remote attacker would be able to inject and run admin commands on a device without a password and to get sensitive device configuration details without a password, respectively.

On the same day the older problems were patched, the company put out alerts for two medium-rated problems CVE-2019-1827 and CVE-2019-1828 for the same routers. You can find more details about these vulnerabilities below:

CVE-2019-1827: Cisco Small Business RV320 and RV350 Routers Online help Reflected Cross-Site Scripting Vulnerability:

This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers and it was found during internal security testing. There is no workaround at the moment of writing this article.

The vulnerability could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service.

This vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information.

CVE-2019-1828: Cisco Small Business RV320 and RV325 Routers Weak Credential Encryption Vulnerability

This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers and it was found by a GitHub user. There is no workaround at the moment of writing this article.

The vulnerability could allow an unauthenticated, remote attacker to access administrative credentials.

This vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges.

Advice

Although no new patch has been confirmed for these issues yet, we recommend checking the following link for the Software Center where Cisco uploads the new updates, and updating once patches are available.

Leave a Reply