New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide

The Hacker News (thehackernews.com), Jan 28, 2019, 11:31 a.m.

CVSS v3.1 base score: 7.5 (High)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2 base score: 9 (High)
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.976 (High), percentile 100.0%


If the connectivity and security of your organization rely on Cisco RV320 or RV325 Dual Gigabit WAN VPN routers, then you need to immediately install the latest firmware update released by the vendor last week.

Cyber attackers have actively been exploiting two newly patched high-severity router vulnerabilities in the wild after a security researcher released their proof-of-concept exploit code on the Internet last weekend.

The vulnerabilities in question are a command injection flaw (assigned CVE-2019-1652) and an information disclosure flaw (assigned CVE-2019-1653), a combination of which could allow a remote attacker to take full control of an affected Cisco router.

The first issue exists in RV320 and RV325 dual gigabit WAN VPN routers running firmware versions 1.4.2.15 through 1.4.2.19, and the second affects firmware versions 1.4.2.15 and 1.4.2.17, according to Cisco's advisory.

Both vulnerabilities, discovered and responsibly reported to the company by German security firm RedTeam Pentesting, reside in the routers' web-based management interface and are remotely exploitable.

  • CVE-2019-1652: This flaw allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands on the system.
  • CVE-2019-1653: This flaw requires no authentication to reach the router's web-based management portal, allowing attackers to retrieve sensitive information, including the router's configuration file, which contains MD5-hashed credentials and diagnostic information.

The PoC exploit code targeting Cisco RV320/RV325 routers published on the Internet first exploits CVE-2019-1653 to retrieve the configuration file from the router to obtain its hashed credentials and then exploits CVE-2019-1652 to execute arbitrary commands and gain complete control of the affected device.

Researchers from cybersecurity firm Bad Packets said they found at least 9,657 Cisco routers (6,247 RV320 and 3,410 RV325) worldwide that are vulnerable to the information disclosure vulnerability, most of which are located in the United States.

The firm shared an interactive map showing all vulnerable RV320/RV325 Cisco routers, spread across 122 countries and the networks of 1,619 unique internet service providers.

Bad Packets said its honeypots detected opportunistic scanning activity for vulnerable routers from multiple hosts starting Saturday, suggesting attackers are actively trying to exploit the flaws to take full control of the vulnerable routers.

The best way to protect yourself from becoming the target of such an attack is to install the latest Cisco RV320 and RV325 firmware release, 1.4.2.20, as soon as possible.

Administrators who have not yet applied the firmware update are strongly advised to change their router's admin and WiFi credentials and to treat the device as already compromised.
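The affected-version ranges and the fixed release above are what a fleet administrator actually needs to act on, so here is an added triage script (not Cisco's, RedTeam Pentesting's or The Hacker News' code) that maps an inventory of RV320/RV325 devices to the CVEs that apply to each firmware version and the action the article recommends. The version ranges are those quoted from Cisco's advisory in the article; the inventory rows, hostnames and the RV340 entry are constructed sample data, and the assumption that firmware strings are dotted integers like 1.4.2.19 is the script's own.

```python
"""Firmware-version triage for the Cisco RV320/RV325 flaws described above (added example)."""

# Inclusive affected ranges as quoted in the article from Cisco's advisory.
AFFECTED = {
    "CVE-2019-1652": [("1.4.2.15", "1.4.2.19")],                      # authenticated command injection
    "CVE-2019-1653": [("1.4.2.15", "1.4.2.15"), ("1.4.2.17", "1.4.2.17")],  # unauthenticated config disclosure
}
FIXED_VERSION = "1.4.2.20"          # fixed release named in the article
AFFECTED_MODELS = {"RV320", "RV325"}


def parse_version(text):
    """'1.4.2.19' -> (1, 4, 2, 19). Tuples compare numerically, so 1.4.2.9 < 1.4.2.19,
    which a plain string comparison would get wrong. Assumes dotted-integer firmware strings."""
    return tuple(int(part) for part in text.strip().split("."))


def in_range(version, low, high):
    """True when low <= version <= high (all inclusive, as the advisory ranges are)."""
    return parse_version(low) <= parse_version(version) <= parse_version(high)


def applicable_cves(model, firmware):
    """CVEs from AFFECTED that cover this model and firmware, in the table's order."""
    if model.upper() not in AFFECTED_MODELS:
        return []
    return [cve for cve, ranges in AFFECTED.items()
            if any(in_range(firmware, low, high) for low, high in ranges)]


def recommended_action(model, firmware, cves):
    """Action for one device, following the article's guidance: upgrade, and treat an
    unpatched device as compromised (rotate admin and WiFi credentials)."""
    if model.upper() not in AFFECTED_MODELS:
        return "not in scope of this advisory"
    if parse_version(firmware) >= parse_version(FIXED_VERSION):
        return "patched (running %s or later)" % FIXED_VERSION
    if cves:
        return "upgrade to %s; rotate admin and WiFi credentials" % FIXED_VERSION
    return "outside the published affected ranges; confirm against the vendor advisory"


def triage(inventory):
    """inventory: iterable of (hostname, model, firmware). Returns one dict per device."""
    results = []
    for host, model, firmware in inventory:
        cves = applicable_cves(model, firmware)
        results.append({
            "host": host,
            "model": model,
            "firmware": firmware,
            "cves": cves,
            "action": recommended_action(model, firmware, cves),
        })
    return results


# Constructed sample inventory (hostnames and versions chosen to exercise each branch).
SAMPLE_INVENTORY = [
    ("branch-a-rtr", "RV320", "1.4.2.17"),   # in both ranges
    ("branch-b-rtr", "RV325", "1.4.2.19"),   # command injection only
    ("branch-c-rtr", "RV320", "1.4.2.20"),   # fixed release
    ("branch-d-rtr", "RV325", "1.4.2.14"),   # below the published ranges
    ("core-rtr",     "RV340", "1.0.03.16"),  # different product line, out of scope
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("%-14s %-6s %-10s %-30s %s" % (row["host"], row["model"], row["firmware"],
                                           ", ".join(row["cves"]) or "-", row["action"]))
```

Running it against the sample inventory flags the 1.4.2.17 device for both CVEs and the 1.4.2.19 device for the command injection only, which matters for prioritisation: the disclosure flaw needs no credentials at all, so devices exposed to it are the ones the opportunistic scanning the article describes will find first. A device below 1.4.2.15 is reported as outside the published ranges rather than as safe, since the article only lists the versions Cisco named.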
