Cisco Improperly Patched Exploited Router Vulnerabilities

Cisco this week revealed that patches released in January for vulnerabilities in Small Business RV320 and RV325 routers were incomplete. The flaws have been exploited in live attacks. 

Hackers were observed targeting two security bugs in the routers, just days after Cisco released fixes. Due to the patches being incomplete, the vulnerabilities were not addressed, meaning that users continue to be exposed. 

“The initial fix for this vulnerability was found to be incomplete. Cisco is currently working on a complete fix,” the company says. “Firmware updates that address this vulnerability are not currently available. There are no workarounds that address this vulnerability.”

The first (CVE-2019-1652) of the two vulnerabilities could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The second flaw (CVE-2019-1653) could allow the attacker to retrieve sensitive information.

In late January, security researchers discovered more than 9,600 RV320 and RV325 routers in around 120 countries that were affected by CVE-2019-1653. Attackers could exploit the bug and then leverage CVE-2019-1652 to execute arbitrary commands and take over the affected devices. 

In addition to confirming that the two vulnerabilities were improperly addressed, Cisco this week released patches for two dozen flaws in Cisco IOS and IOS XE Software, including 18 High severity issues and 6 Medium severity bugs. 

These include information disclosure, command injection, denial of service, privilege escalation, arbitrary file upload, certificate validation, and access control list bypass vulnerabilities. Details on these bugs are available on Cisco’s support portal. 

Related: Cisco Patches Critical Vulnerability in Wireless Routers

Related: Hackers Target Cisco Routers via Recently Patched Flaws