Multiple Cisco Vulnerabilities Threat Alert 2020

August 4, 2020 | Mina Hao

Overview

On July 15, 2020 local time, Cisco released security advisories to address vulnerabilities across multiple products, including five Critical vulnerabilities with a CVSS base score of 9.8 (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144, CVE-2020-3331, and CVE-2020-3140).

Reference link:

https://tools.cisco.com/security/center/publicationListing.x

1. Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability (CVE-2020-3330)

Vulnerability Description

A vulnerability (CVE-2020-3330) in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account.

The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system.

Affected Products

  • Cisco Small Business RV110W Wireless-N VPN Firewall firmware releases earlier than 1.2.2.8

Unaffected Products

  • Cisco Small Business RV110W Wireless-N VPN Firewall firmware 1.2.2.8 and later

Solution

Cisco has released updates that address the vulnerability. Affected users are advised to upgrade without delay.

Please log in to https://software.cisco.com/download/home to download the updates.

For more information, see Cisco’s official security advisory at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy

2. Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability (CVE-2020-3323)

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.

Affected Products

  • RV110W Wireless-N VPN Firewall releases earlier than 1.2.2.8
  • RV130 VPN Router releases earlier than 1.0.3.54
  • RV130W Wireless-N Multifunction VPN Router releases earlier than 1.0.3.54
  • RV215W Wireless-N VPN Router releases earlier than 1.3.1.7

Unaffected Products

  • RV110W Wireless-N VPN Firewall 1.2.2.8 and later
  • RV130 VPN Router 1.0.3.54 and later
  • RV130W Wireless-N Multifunction VPN Router 1.0.3.54 and later
  • RV215W Wireless-N VPN Router 1.3.1.7 and later

Solution

Cisco has released updates that address the vulnerability. Affected users are advised to upgrade without delay.

Please log in to https://software.cisco.com/download/home to download the updates.

Disabling the remote management feature, if it is not required, would help to reduce the attack surface of this vulnerability.

For more information, see Cisco’s official security advisory at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp

3. Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability (CVE-2020-3144)

Vulnerability Description

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative privileges on an affected device.

The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device.

Affected Products

  • RV110W Wireless-N VPN Firewall releases earlier than 1.2.2.8
  • RV130 VPN Router releases earlier than 1.0.3.55
  • RV130W Wireless-N Multifunction VPN Router releases earlier than 1.0.3.55
  • RV215W Wireless-N VPN Router releases earlier than 1.3.1.7

Unaffected Products

  • RV110W Wireless-N VPN Firewall 1.2.2.8 and later
  • RV130 VPN Router 1.0.3.55 and later
  • RV130W Wireless-N Multifunction VPN Router 1.0.3.55 and later
  • RV215W Wireless-N VPN Router 1.3.1.7 and later

Solution

Cisco has released updates that address the vulnerability. Affected users are advised to upgrade without delay.

Please log in to https://software.cisco.com/download/home to download the updates.

Disabling the remote management feature, if it is not required, would help to reduce the attack surface of this vulnerability.

For more information, see Cisco’s official security advisory at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ

4. Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability (CVE-2020-3331)

Vulnerability Description

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.

Affected Products

  • RV110W Wireless-N VPN Firewall releases earlier than 1.2.2.8
  • RV215W Wireless-N VPN Router releases earlier than 1.3.1.7

Unaffected Products

  • RV110W Wireless-N VPN Firewall 1.2.2.8 and later
  • RV215W Wireless-N VPN Router 1.3.1.7 and later

Solution

Cisco has released updates that address the vulnerability. Affected users are advised to upgrade without delay.

Please log in to https://software.cisco.com/download/home to download the updates.

For more information, see Cisco’s official security advisory at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb

5. Cisco Prime License Manager Privilege Escalation Vulnerability (CVE-2020-3140)

Vulnerability Description

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.

The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system.

A successful exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid user name to exploit this vulnerability.

Affected Products

  • Cisco PLM releases earlier than 10.5(2)SU9
  • Cisco PLM releases earlier than 11.5(1)SU6

Unaffected Products

  • Cisco PLM 10.5(2)SU9 and later
  • Cisco PLM 11.5(1)SU6 and later

Solution

Cisco has released updates that address the vulnerability. Affected users are advised to upgrade without delay.

Please log in to https://software.cisco.com/download/home to download the updates.

For more information, see Cisco’s official security advisory at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA
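To turn the five version tables above into a patch-priority check, the following added example (not code from NSFOCUS or Cisco) compares an asset inventory against the fixed releases listed in this alert. The inventory entries, the "PLM" model label and the function names are constructed for illustration, and treating each PLM fix as applying to its own release train is an assumption.

```python
import re
# Fixed releases per CVE and model, from the "Unaffected Products" lists above.
ROUTER_FIXES = {
    "CVE-2020-3330": {"RV110W": "1.2.2.8"},
    "CVE-2020-3323": {"RV110W": "1.2.2.8", "RV130": "1.0.3.54",
                      "RV130W": "1.0.3.54", "RV215W": "1.3.1.7"},
    "CVE-2020-3144": {"RV110W": "1.2.2.8", "RV130": "1.0.3.55",
                      "RV130W": "1.0.3.55", "RV215W": "1.3.1.7"},
    "CVE-2020-3331": {"RV110W": "1.2.2.8", "RV215W": "1.3.1.7"},
}
# Assumption: each PLM fix applies to its own release train, so 11.5(1)SU3
# is affected although it sorts after 10.5(2)SU9.
PLM_FIXES = {(10, 5): "10.5(2)SU9", (11, 5): "11.5(1)SU6"}

def dotted(version):
    """'1.0.3.54' -> (1, 0, 3, 54), compared numerically, not as text."""
    return tuple(int(p) for p in version.strip().split("."))

def plm(version):
    """'10.5(2)SU9' -> (10, 5, 2, 9); a missing SU level counts as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)\)(?:SU(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised PLM version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def open_cves(model, version):
    """CVEs from this alert that still apply to one inventory entry."""
    model = model.upper()
    if model == "PLM":
        v = plm(version)
        if v[:2] not in PLM_FIXES:  # train not listed in the alert
            raise ValueError(f"PLM train not covered here: {version!r}")
        return ["CVE-2020-3140"] if v < plm(PLM_FIXES[v[:2]]) else []
    v = dotted(version)
    return [cve for cve, fixes in ROUTER_FIXES.items()
            if model in fixes and v < dotted(fixes[model])]

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = [("branch-fw-01", "RV110W", "1.2.2.5"),
             ("branch-rt-02", "RV130W", "1.0.3.54"),
             ("branch-rt-03", "RV215W", "1.3.1.7"),
             ("lic-mgr-01", "PLM", "11.5(1)SU3")]

def triage(inventory):
    return {host: open_cves(model, ver) for host, model, ver in inventory}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(host, ", ".join(cves) or "no open CVE from this alert")
```

The RV130W entry shows why the per-CVE tables matter: release 1.0.3.54 closes CVE-2020-3323 but is still one release short of the CVE-2020-3144 fix.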

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
