Wednesday, May 22, 2024

Cisco Released Security Updates for 2 Vulnerabilities that allows Hackers to Compromise Cisco Wireless Routers

Cisco released security updates for 2 severe vulnerabilities that affected Cisco wireless VPN, Firewall and Cisco Webex Meetings Desktop App.

First one is a remote command execution vulnerability that has been marked as “Critical” and another one is local Command Injection Vulnerability which is marked as “high” severity.

Remote Command Execution Vulnerability CVE-2019-1663 affected Cisco RV110W, RV130W, and RV215W Routers Wireless-N VPN and Firewall management interface allows remote attacker to execute arbitrary code on an vulnerable device.

Another local command injection vulnerability CVE-2019-1674 that affected Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools allow local attackers to execute arbitrary commands as a privileged user.

Remote command execution flaw affected the Cisco Wireless VPN & Firewall based routers due to improper validation of user-supplied data in the web-based management interface.

According to Cisco released notes. This vulnerability CVE-2019-1663 affects all releases of the following Cisco products prior to those listed in Fixed Releases:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

Remote attackers exploit this vulnerability by sending malicious HTTP requests to a targeted device and gained the complete control of the
affected device with high priviledge.

Another local command injection vulnerability affects all Cisco Webex Meetings Desktop App releases prior to 33.6.6, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.7.

This Webex vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument.

First Vulnerability reported by Yu Zhang and Haoliang Lu at the GeekPwn conference and another local command injection flaw reported by
Marcos Accossatto of SecureAuth.

Cisco advised users to immediately apply these patches immediately to keep the network safe and secure.

Learn : Vulnerability Management Analysis Online Course

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Also Read:

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication

Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products

Privilege Escalation Flaw in Cisco ASA Allows Attackers To Read or Write Files in the System

Website

Latest articles

Cloud-Based Malware Attack Abusing Google Drive & Dropbox

A phishing email with a malicious zip attachment initiates the attack. The zip contains...

OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients'...

Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

The widely used team workspace corporate wiki Confluence has been discovered to have a...

Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a...

Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident...

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers...

DoppelGänger Attack: Malware Routed Via News Websites And Social Media

A Russian influence campaign, DoppelGänger, leverages fake news websites (typosquatted and independent) to spread...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles