Cisco fixes 5 critical flaws that could allow router firewall takeover

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover.

Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely takeover the network devices.

Cisco also addressed a privilege escalation issue that impacts the Cisco Prime License Manager software.

The five vulnerabilities have been labeled as critical and rated 9.8 out of 10 CVSS base score, below the list of the issues fixed by Cisco.

Vulnerability	CVE-ID
Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability	CVE-2020-3330
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability	CVE-2020-3323
Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability	CVE-2020-3144
Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability	CVE-2020-3331
Cisco Prime License Manager Privilege Escalation Vulnerability	CVE-2020-3140

The Cisco Product Security Incident Response Team (PSIRT) confirmed that it is not aware of any public announcements or malicious use of the above vulnerabilities.

The tech giant confirmed that there are no workarounds that fix these vulnerabilities.

The company acknowledged the external security researchers Larryxi of XDSEC, Gyengtak Kim, Jeongun Baek, and Sanghyuk Lee of GeekPwn, Quentin Kaiser, and Adam Engle of AdventHealth for the flaws.

Cisco released security updates to address other 22 high and medium severity security vulnerabilities impacting several routers, WebEx, Cisco SD-WAN Solution Software versions and other software.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.