As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.
This week there is a new critical alert that requires the mission-critical community’s immediate attention.
Advisory Overview
Cisco has provided fixes for multiple security vulnerabilities varying from medium to critical severity, that could be exploited by an unauthenticated attacker. Cisco Small Business RV340, RV340W, RV345, RV345P Dual WAN Gigabit, RV160, RV160W, RV260, RV260P, and RV260W VPN routers have multiple vulnerabilities in the web-based management interface. Cisco also released a patch for a Firepower Device Manager (FDM) On-Box software vulnerability, which resides in the REST API of the FDM. Both vulnerabilities have not been exploited in the wild and updates for patches have been released.
What is the Threat?
These Cisco Small Business VPN vulnerabilities affect the web-based management interface. CVE-2021-1609 creates an opening for threat actors by not properly validating HTTP, creating room for an attacker to create an HTTP request that can potentially allow unauthorized access. CVE-2021-1602, the other vulnerability affecting the management interface, exists because of insufficient user input validation that can potentially allow a threat actor to perform a remote code execution and gain root level access. As for the REST API of the FDM On-Box Software vulnerability, it exists due to the lack of proper sanitization of the user input on commands for REST API. This vulnerability, if exploited, can allow the threat actor to execute arbitrary code on the affected operating system.
Why is it Noteworthy?
These vulnerabilities exist on multiple versions of VPN routers as well as a Cisco firewall manager (REST API). The REST API vulnerability impacts FDM versions 6.3.0, 6.4.0, 6.5.0, 6.6.0, and 6.7.0; with a CVSS score of 6.3 which is generally considered to be a medium in severity. The web-based management remote code execution vulnerability has a high severity with a CVSS of 8.2. The CVE-2021-1609 vulnerability potentially allows threat actors to execute arbitrary code or commands and cause a DoS attack has a score of 9.8 making this severity very critical.
What is the Risk?
Leaving the vulnerabilities unpatched could lead to a significant security incident. Given that some of these vulnerabilities can cause root level access, the data is vulnerable to deletion, change and potentially held for ransom. Cisco VPN users as well as firewall administrators are at great risk for a compromise if negligent.
What are the Recommendations?
Cisco has expressed there are no current workarounds for these vulnerabilities, however, updates have been released.
MCP Recommends:
Update Cisco immediately to patch these vulnerabilities. Learn more here.
If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public-safety and justice entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.