Developers: Cisco Systems
Technology: Routers
2023: Attackers gain control over devices due to critical vulnerabilities in routers
On January 11, 2023, Cisco announced two critical vulnerabilities in the web management interface of some of its small business routers. The vulnerabilities allow a remote attacker to seize control of the device.
The issues affect Cisco Small Business RV016, RV042, RV042G, and RV082 routers. The published security bulletin emphasizes that the vulnerabilities are present in all software versions that run on the listed routers. There are no patches or other ways to eliminate the danger.
One of the vulnerabilities, CVE-2023-20025, is caused by incorrect validation of data in incoming HTTP packets. An attacker can exploit it by sending a specially crafted HTTP request to the web management interface. As a result, the attacker can bypass authentication and gain root access to the underlying operating system.
The second flaw, CVE-2023-20026, can be exploited in a similar way, but in this case the attacker will be able to gain root-level privileges and view confidential data. To carry out the attack, the attacker must have valid administrator credentials on the vulnerable device.
Cisco notes that it has not released and will not release software updates that fix these vulnerabilities, because the Small Business RV016, RV042, RV042G and RV082 routers have entered the decommissioning process.
There are no workarounds that fix these vulnerabilities. However, administrators can mitigate the danger by disabling remote management and blocking access to ports 443 and 60443. The routers will still be accessible through the LAN interface, the security bulletin says.[1]
2019: Using Huawei certificates
In early July 2019, it became known that Huawei digital certificates and keys were present in Cisco network equipment. Because of this, customers and their data were at risk.
SEC Consult experts found X.509 certificates and the corresponding private keys, issued by the American company Futurewei Technologies, which belongs to Huawei, in the firmware of Cisco SG250 switches.
"We noticed that the firmware uses Huawei certificates. And, given the political controversy, we did not want to speculate anymore," Florian Lukavsky, CEO of SEC Technologies, told ZDNet.
SEC Consult used the IoT Inspector tool (which helps developers look for vulnerabilities in the software of Internet of Things equipment) and found that the Huawei certificates were stored in the /root/.ssh/ folder.
According to the experts, the certificates ended up in the firmware because of the use of OpenDaylight, open source software designed to configure and automate networks.
Cisco said its FindIT development team uses OpenDaylight for testing, and the certificates should not have been included in the production firmware. The problem affected Cisco Small Business 250, 350, 350X, and 550X series switches. The company simply forgot to remove the certificates before installing the firmware on the device, Florian Lukavsky explained.
The manufacturer gave assurances that the certificates and keys have already been removed from the firmware. In addition, Cisco has fixed two vulnerabilities in the Small Business 200, 300 and 500 series switches, the exploitation of which could cause the devices to malfunction. The company rated these vulnerabilities as high severity. Attackers could use them to organize DoS attacks without authentication.[2]
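A release-time check for the failure described above, test certificates and private keys left in a shipped firmware image, as an added example that is not SEC Consult's IoT Inspector or Cisco's code: it walks an unpacked firmware tree and flags PEM-armoured key material. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# PEM armour headers for private keys and X.509 certificates.
PEM_RE = re.compile(rb"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY|CERTIFICATE)-----")
MAX_BYTES = 4 * 1024 * 1024  # read at most this much per file; PEM files are small


def scan_firmware_tree(root):
    """Return sorted (relative_path, kind, severity) for embedded key material."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # unpacked images are full of dangling symlinks
            with open(path, "rb") as fh:
                data = fh.read(MAX_BYTES)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for kind in sorted({m.group(1).decode() for m in PEM_RE.finditer(data)}):
                # A private key in a shipped image is always a release blocker;
                # a certificate needs review (expected CA bundle or leftover?).
                severity = "block" if kind.endswith("PRIVATE KEY") else "review"
                findings.append((rel, kind, severity))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: placeholder PEM bodies, not real key material."""
    ssh = os.path.join(root, "root", ".ssh")
    os.makedirs(ssh)
    samples = {
        os.path.join(ssh, "test.key"):
            b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
        os.path.join(ssh, "test.crt"):
            b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n",
        os.path.join(ssh, "known_hosts"): b"constructed placeholder\n",
    }
    for path, body in samples.items():
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind, severity in scan_firmware_tree(tmp):
            print(f"[{severity}] {rel}: {kind}")
```

Run against the extracted root filesystem in a build pipeline and fail the release on any `block` finding; DER-encoded keys and material past the 4 MiB read limit are outside what this check sees.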