Tuesday, October 8, 2024
HomeComputer SecurityCisco Released Security Updates for 2 Vulnerabilities that allows Hackers to Compromise...

Cisco Released Security Updates for 2 Vulnerabilities that allows Hackers to Compromise Cisco Wireless Routers

Published on

Cisco released security updates for 2 severe vulnerabilities that affected Cisco wireless VPN, Firewall and Cisco Webex Meetings Desktop App.

First one is a remote command execution vulnerability that has been marked as “Critical” and another one is local Command Injection Vulnerability which is marked as “high” severity.

Remote Command Execution Vulnerability CVE-2019-1663 affected Cisco RV110W, RV130W, and RV215W Routers Wireless-N VPN and Firewall management interface allows remote attacker to execute arbitrary code on an vulnerable device.

- Advertisement - EHA

Another local command injection vulnerability CVE-2019-1674 that affected Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools allow local attackers to execute arbitrary commands as a privileged user.

Remote command execution flaw affected the Cisco Wireless VPN & Firewall based routers due to improper validation of user-supplied data in the web-based management interface.

According to Cisco released notes. This vulnerability CVE-2019-1663 affects all releases of the following Cisco products prior to those listed in Fixed Releases:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

Remote attackers exploit this vulnerability by sending malicious HTTP requests to a targeted device and gained the complete control of the
affected device with high priviledge.

Another local command injection vulnerability affects all Cisco Webex Meetings Desktop App releases prior to 33.6.6, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.7.

This Webex vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument.

First Vulnerability reported by Yu Zhang and Haoliang Lu at the GeekPwn conference and another local command injection flaw reported by
Marcos Accossatto of SecureAuth.

Cisco advised users to immediately apply these patches immediately to keep the network safe and secure.

Learn : Vulnerability Management Analysis Online Course

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Also Read:

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication

Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products

Privilege Escalation Flaw in Cisco ASA Allows Attackers To Read or Write Files in the System

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network...

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the...

Comcast Cyber Attack Impacts 237,000+ Users Personal Data

Comcast Cable Communications LLC has reported that over 237,000 users' data has been compromised....

American Water Works Cyber Attack Impacts IT Systems

American Water Works Company, Inc., a leading provider of water and wastewater services, announced...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network...

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the...

Comcast Cyber Attack Impacts 237,000+ Users Personal Data

Comcast Cable Communications LLC has reported that over 237,000 users' data has been compromised....