Cisco Fixes Incomplete Patch for RV320 and RV325 Routers, Including Two New Bugs (CVE-2019-1827, CVE-2019-1828)
Cisco finalizes patch for RV320 and RV325 after researchers determined a previous patch was incomplete.
Background
On April 4, Cisco published updated advisories to address two vulnerabilities in its RV320 and RV325 routers that were originally reported in January 2019. Additionally, Cisco published advisories for two newly discovered, medium severity bugs in the same routers.
Analisi
Tenable blogged about these vulnerabilities -- CVE-2019-1652 and CVE-2019-1653 -- in late January when public exploit scripts were published. Shortly after publication, reports about exploit attempts against these devices surfaced. Additionally, Troy Mursch, (@bad_packets), reported over 9,000 devices were reportedly vulnerable to exploitation.
Initially, Cisco said it had patched these vulnerabilities in firmware versions 1.4.2.20 and later (CVE-2019-1652) and firmware versions 1.4.2.19 and later (CVE-2019-1653). However, three recent advisories from RedTeam Pentesting GmbH including new proof of concept (PoC) code were published on March 27, indicating that the previous patches were incomplete. Cisco confirmed the findings from RedTeam Pentesting and indicated that a complete patch was imminent. Troy Mursch updated his previous blog post, highlighting that over 8,000 devices were still vulnerable to CVE-2019-1653.
Using the latest data from @binaryedgeio, we've scanned 14,045 Cisco RV320/RV325 routers and found 8,827 are leaking their configuration file, including admin credentials, to the public internet.
— Bad Packets Report (@bad_packets) March 28, 2019
Map of total vulnerable hosts found per country: https://t.co/8TDKyIGUTe pic.twitter.com/7ffywLebEt
In addition to these updated advisories, Cisco published two new advisories for medium severity bugs in the same routers. CVE-2019-1827 is a reflected cross-site scripting (XSS) vulnerability in the Online Help web service on the routers, while CVE-2019-1828 is a weak credential encryption vulnerability. Both vulnerabilities could be exploited by an unauthenticated, remote attacker. The latter could reveal encrypted administrative credentials, but requires the attacker to be operating as a man-in-the-middle. Because the device uses a weak encryption algorithm, a man-in-the-middle would likely be able to decrypt these credentials and gain administrative access to the vulnerable device.
Solution
Cisco says firmware version 1.4.2.22 for RV320 and RV325 addresses the incomplete fixes for CVE-2019-1652 and CVE-2019-1653. The release notes for 1.4.2.22 show that CVE-2019-1827 and CVE-2019-1828 are also addressed based on the associated Cisco Bug IDs.
Identifying affected systems
A list of Nessus plugins to identify these vulnerabilities will appear here as they’re released.
Get more information
- Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
- Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
- Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability
- Cisco Small Business RV320 and RV325 Routers Weak Credential Encryption Vulnerability
- Tenable Blog: Public Exploit Scripts for Vulnerable Cisco Small Business RV320 and RV325 Devices Now Available
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Articoli correlati
Detecting Risky Third-party Drivers on Windows Assets
August 7, 2024Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers.
Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
August 6, 2024As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems.
EPSS Shows Strong Performance in Predicting Exploits, Says Study from Cyentia and FIRST
July 30, 2024Tenable sponsored research from Cyentia and FIRST, which finds that while vulnerability exploitation is highly variable, EPSS is getting stronger in its ability to predict exploitation.
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
August 23, 2024Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on ransomware trends, vulnerability management practices and election security!
SSRFing the Web with the Help of Copilot Studio
August 20, 2024Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact.
Cybersecurity Snapshot: First Quantum-resistant Algorithms Ready for Use, While New AI Risks’ Database Is Unveiled
August 16, 2024NIST has released the first encryption algorithms that can protect data against quantum attacks. Plus, MIT launched a new database of AI risks. Meanwhile, the CSA published a paper outlining the unique risks involved in building systems that use LLMs. And get the latest on Q2’s most prevalent malware, the Radar/Dispossessor ransomware gang and CVE severity assessments!
- Threat Management
- Vulnerability Management
- Vulnerability Scanning