fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Cisco Fixes Critical Code Execution Bugs In SMB VPN Routers

Cisco Fixes Critical Code Execution Bugs In SMB VPN Routers

Cisco has addressed multiple pre-auth remote code execution (RCE) vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices.

The root user is the system’s superuser on Unix operating systems, a special user account usually used only for system administration tasks.

The security bugs with a severity rating of  9.8/10 were found in the web-based management interface of Cisco small business routers.

“These vulnerabilities exist because HTTP requests are not properly validated,” Cisco explains in an advisory published earlier today.

“An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device.”

Also Read: Limiting Location Data Exposure: 8 Best Practices

Security update available for all vulnerable routers

According to Cisco, the following Small Business Routers are vulnerable to attacks attempting to exploit these vulnerabilities if running a firmware version earlier than Release 1.0.01.02:

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with POE
  • RV260W Wireless-AC VPN Router

Cisco says that its Dual WAN Gigabit VPN Routers (including RV340, RV340W, RV345, and RV345P) are not affected.

The company has fixed the vulnerabilities in firmware releases 1.0.01.02 and later issued for all impacted routers.

To update your router to the latest release, you have to go to the Cisco Software Center and follow this procedure:

  1. Click Browse all.
  2. Choose Routers > Small Business Routers > Small Business RV Series Routers.
  3. Choose the appropriate router.
  4. Choose Small Business Router Firmware.
  5. Choose a release from the left pane of the product page.

No public exploits or active exploitation

Luckily, even if you cannot immediately patch vulnerable routers, the Cisco Product Security Incident Response Team (PSIRT) says that it isn’t “aware of any public announcements or malicious use of the vulnerabilities.”

The vulnerabilities were discovered and reported to Cisco by T. Shiomitsu, swings of Chaitin Security Research Lab, and simp1e of 1AQ Team.

Also Read: 10 Practical Benefits of Managed IT Services

Cisco today has also addressed high severity vulnerabilities impacting other business routers and the IOS XR software.

Last month, Cisco has also patched several pre-auth RCE vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us