Critical security vulnerabilities in Cisco’s Small Business RV Series routers could allow privilege escalation, remote code execution (RCE) with root privileges on the devices and more.
According to Cisco’s Wednesday advisory, attackers could exploit the bugs (which variously affect the RV160, RV260, RV340 and RV345 appliances) to do the following:
Execute arbitrary code
Elevate privileges
Execute arbitrary commands
Bypass authentication and authorization protections
Fetch and run unsigned software
Cause denial of service (DoS)
Cisco also said that proof-of-concept exploits are available for “several of the vulnerabilities,” but the company didn’t offer details on any in-the-wild attacks.
The most concerning critical vulnerability rates 10 out of 10 on the CVSS vulnerability-severity scale. It arises in the SSL VPN module of Cisco Small Business RV340, RV340W, RV345 and RV345P Dual WAN Gigabit VPN routers. It could allow unauthenticated RCE, according to the advisory. At worst, device takeover would give an attacker unfettered access to the business network.
“This vulnerability is due to insufficient boundary checks when processing specific HTTP requests,” the advisory reads. “An attacker could exploit this vulnerability by sending malicious HTTP requests to the affected device that is acting as an SSL VPN Gateway. A successful exploit could allow the attacker to execute code with root privileges on the affected device.”