Sunday, December 10, 2023

Cisco Released Security Updates for 2 Vulnerabilities that allows Hackers to Compromise Cisco Wireless Routers

Cisco released security updates for 2 severe vulnerabilities that affected Cisco wireless VPN, Firewall and Cisco Webex Meetings Desktop App.

First one is a remote command execution vulnerability that has been marked as “Critical” and another one is local Command Injection Vulnerability which is marked as “high” severity.

Remote Command Execution Vulnerability CVE-2019-1663 affected Cisco RV110W, RV130W, and RV215W Routers Wireless-N VPN and Firewall management interface allows remote attacker to execute arbitrary code on an vulnerable device.

Another local command injection vulnerability CVE-2019-1674 that affected Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools allow local attackers to execute arbitrary commands as a privileged user.

Remote command execution flaw affected the Cisco Wireless VPN & Firewall based routers due to improper validation of user-supplied data in the web-based management interface.

According to Cisco released notes. This vulnerability CVE-2019-1663 affects all releases of the following Cisco products prior to those listed in Fixed Releases:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

Remote attackers exploit this vulnerability by sending malicious HTTP requests to a targeted device and gained the complete control of the
affected device with high priviledge.

Another local command injection vulnerability affects all Cisco Webex Meetings Desktop App releases prior to 33.6.6, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.7.

This Webex vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument.

First Vulnerability reported by Yu Zhang and Haoliang Lu at the GeekPwn conference and another local command injection flaw reported by
Marcos Accossatto of SecureAuth.

Cisco advised users to immediately apply these patches immediately to keep the network safe and secure.

Learn : Vulnerability Management Analysis Online Course

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Also Read:

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication

Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products

Privilege Escalation Flaw in Cisco ASA Allows Attackers To Read or Write Files in the System

Website

Latest articles

WordPress POP Chain Flaw Exposes Over 800M+ Websites to Attack

A critical remote code execution vulnerability has been patched as part of the Wordpress...

Russian Star Blizzard New Evasion Techniques to Hijack Email Accounts

Hackers target email accounts because they contain valuable personal and financial information. Successful email...

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles