Cisco issued tawdry patches for its RV320/RV325 routers leaving them vulnerable again
- Cisco has acknowledged the badly made patches for the two routers.
- This comes after a proof-of-concept(PoC) exploit surfaced on GitHub which abused the vulnerabilities existing even after the patches.
Networking giant Cisco is now under the scanner for releasing poor quality patches for one of its product series. The company had published these security updates in January to address two vulnerabilities existing in its VPN router models RV320 and RV325 but failed to do so. The inaccuracy in these patches was discovered when a security expert came up with a PoC exploit for the routers.
The big picture
- The two vulnerabilities, CVE-2019-1652 & CVE-2019-1653 could enable attackers to execute arbitrary code and steal sensitive information from the routers.
- Security patches published in January that were meant to remediate both these vulnerabilities turned out to be ineffective.
- It is reported that around 10,000 devices are still left vulnerable with these faulty patches applied to them.
- The patches were simply found to blacklist curl, a command-line tool to transfer data using various protocols.
- As of now, Cisco has not released new updates or workarounds to address the vulnerabilities.
Why it matters - A user who goes by the name David Davidson is credited with the PoC exploit. Security researcher Troy Mursch of Bad Packets believes that this exploit is probably used by attackers to compromise the RV320 & RV325 routers.
“I would advise affected users to upgrade to firmware version 220.127.116.11 and change their device passwords immediately. It's likely these routers will be targeted by miscreants for abuse, but to what degree yet is unknown. CVE-2019-1652 allows for further exploitation once the credentials are obtained," Mursch told ZDNet.
It is expected that Cisco will fix the bugs in the routers with appropriate changes in the router’s firmware.