The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
A critical security vulnerability in Cisco Small Business Routers (RV110W, RV130, RV130W and RV215W models) allows remote code execution (RCE) and denial of service (DoS). The networking giant said that no patch or workaround will be forthcoming for the bug, since the routers reached end-of-life back in 2019.
The bug (CVE-2021-34730) is one of six addressed by Cisco this week; it also issued an advisory for the critical BlackBerry QNX-2021-001 vulnerability disclosed earlier this week (CVE-2021-22156), which affects multiple vendors well beyond Cisco.
Patch Denied: Critical RCE for EoL Equipment
The critical router issue, which carries a base CVSS score of 9.8 out of 10, affects the hardware’s Universal Plug-and-Play (UPnP) support, Cisco said. It could allow an unauthenticated attacker to achieve RCE or cause an affected device to restart unexpectedly.
“This vulnerability is due to improper validation of incoming UPnP traffic,” according to the advisory. “An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.”
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers, which reached end-of-life in September of 2019. Cisco stopped issuing bug fixes on Dec. 1 of last year. Affected companies should look to upgrade their hardware to prevent compromise.
The other critical flaw addressed in the updates has to do with the BlackBerry QNX-2021-001 bug disclosed this week, which allows threat actors to take over or launch DoS attacks on devices and critical infrastructure. Essentially, the known group of BadAlloc bugs tied to BlackBerry’s embedded QNX operating system (OS) now affects older devices.
Cisco’s advisory simply states, “Cisco is investigating its product line to determine which products and services may be affected by this vulnerability.” So far, no products have been listed.
Medium-Severity Security Bugs in Cisco Equipment
The remaining five patches are all rated medium in severity, and affect products from across Cisco’s portfolio. These bugs are:
- CVE-2021-34749: Server Name Identification (SNI) Data-Exfiltration Vulnerability (Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), Snort Detection Engine)
- CVE-2021-1561: Spam Quarantine Unauthorized-Access Vulnerability (Cisco Secure Email and Web Manager)
- CVE-2021-34734: Double-Free Denial-of-Service Vulnerability (Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol)
- CVE-2021-34715: Image-Verification Vulnerability (Cisco Expressway Series and TelePresence Video Communication Server)
- CVE-2021-34716: RCE Vulnerability (Cisco Expressway Series and TelePresence Video Communication Server)
The first bug could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device to execute a command-and-control attack on a compromised host and exfiltrate data from a compromised host. The advisory is an interim one, and Cisco said it was still investigating which product versions are affected.
“This vulnerability is due to insufficient filtering of the SSL handshake,” according to the advisory. “An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server.”
The spam-quarantine-related vulnerability affects Cisco Secure Email and Web Manager releases earlier than Release 14.1. It could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user, so that malicious messages could get through or attackers could read messages.
“This vulnerability exists because access to the spam quarantine feature is not properly restricted,” according to the advisory. “An attacker could exploit this vulnerability by sending malicious requests to an affected system.”
The third bug exists in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras with firmware release 2.12.4. Exploitation could allow an unauthenticated, adjacent attacker to cause a DoS condition.
“This vulnerability is due to improper management of memory resources, referred to as a double free,” according to Cisco. “An attacker could exploit this vulnerability by sending crafted LLDP packets to an affected device.”
The final two vulnerabilities exist in the Expressway and TelePresence products and can be exploited by authenticated, remote attackers to execute code.
The first of these allows RCE with internal user privileges on the underlying operating system; it affects customers running a release earlier than the first fixed release (the bug was introduced when support for validation of SHA512 checksums was introduced in Release X8.8).
The second allows RCE on the underlying operating system as the root user. It affects releases earlier than the first fixed release if customers are running Release X8.6 or later.