threatpost.com
Open in
urlscan Pro
35.173.160.135
Public Scan
URL:
https://threatpost.com/critical-cisco-bug-routers-unpatched/168831/
Submission: On August 21 via api from US
Submission: On August 21 via api from US
Form analysis 4 forms found in the DOM
POST /critical-cisco-bug-routers-unpatched/168831/#gf_5
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_5" id="gform_5" action="/critical-cisco-bug-routers-unpatched/168831/#gf_5">
<div class="gform_body">
<ul id="gform_fields_5" class="gform_fields top_label form_sublabel_below description_below">
<li id="field_5_8" class="gfield field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_8"></label>
<div class="ginput_container ginput_container_text"><input name="input_8" id="input_5_8" type="text" value="" class="medium" placeholder="Your name" aria-invalid="false"></div>
</li>
<li id="field_5_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_1"><span class="gfield_required">*</span></label>
<div class="ginput_container ginput_container_email">
<input name="input_1" id="input_5_1" type="text" value="" class="medium" placeholder="Your e-mail address" aria-required="true" aria-invalid="false">
</div>
</li>
<li id="field_5_9" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden"><input name="input_9" id="input_5_9" type="hidden" class="gform_hidden"
aria-invalid="false" value=""></li>
<li id="field_5_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label"><span class="gfield_required">*</span></label>
<div class="ginput_container ginput_container_checkbox">
<ul class="gfield_checkbox" id="input_5_2">
<li class="gchoice_5_2_1">
<input name="input_2.1" type="checkbox" value="I agree" id="choice_5_2_1">
<label for="choice_5_2_1" id="label_5_2_1">I agree to my personal data being stored and used to receive the newsletter</label>
</li>
</ul>
</div>
</li>
<li id="field_5_5" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label"><span class="gfield_required">*</span></label>
<div class="ginput_container ginput_container_checkbox">
<ul class="gfield_checkbox" id="input_5_5">
<li class="gchoice_5_5_1">
<input name="input_5.1" type="checkbox" value="I agree" id="choice_5_5_1">
<label for="choice_5_5_1" id="label_5_5_1">I agree to accept information and occasional commercial offers from Threatpost partners</label>
</li>
</ul>
</div>
</li>
<li id="field_5_10" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_10">Phone</label>
<div class="ginput_container"><input name="input_10" id="input_5_10" type="text" value=""></div>
<div class="gfield_description" id="gfield_description__10">This field is for validation purposes and should be left unchanged.</div>
</li>
</ul>
</div>
<div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_5" class="gform_button button" value="Subscribe" onclick="if(window["gf_submitting_5"]){return false;} window["gf_submitting_5"]=true; "
onkeypress="if( event.keyCode == 13 ){ if(window["gf_submitting_5"]){return false;} window["gf_submitting_5"]=true; jQuery("#gform_5").trigger("submit",[true]); }" style="display: none;"> <input
type="hidden" name="gform_ajax" value="form_id=5&title=&description=&tabindex=0">
<input type="hidden" class="gform_hidden" name="is_submit_5" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="5">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_5" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_5" id="gform_target_page_number_5" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_5" id="gform_source_page_number_5" value="1">
<input type="hidden" name="gform_field_values" value="">
</div>
</form>GET https://threatpost.com/
<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
<input type="text" class="c-site-search__field" name="s" placeholder="Search">
<button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
</svg> Search</button>
<div class="c-site-search__overlay"></div>
</form>POST https://threatpost.com/wp-comments-post.php
<form action="https://threatpost.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
<div class="o-row">
<div class="o-col-12@md">
<div class="c-form-element"><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true" placeholder="Write a reply..."></textarea></div>
</div>
</div>
<div class="o-row">
<div class="o-col-6@md">
<div class="c-form-element"><input id="author" name="author" placeholder="Your name" type="text" value="" size="30"></div>
</div>
<div class="o-col-6@md">
<div class="c-form-element"><input id="email" name="email" placeholder="Your email" type="text" value="" size="30"></div>
</div>
<div class="o-col-12@md">
<div class="c-form-element c-checkbox-wrapper"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"><label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the
next time I comment.</label></div>
</div>
</div>
<p class="comment-form-checkbox c-form-element c-checkbox-wrapper"><input type="checkbox" value="1" name="subscribe" id="subscribe"><label for="subscribe">Notify me when new comments are added.</label></p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="c-button c-button--primary" value="Send Comment"> <input type="hidden" name="comment_post_ID" value="168831" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="e608e333ca"></p><!-- the following input field has been added by the Honeypot Comments plugin to thwart spambots -->
<input type="hidden" id="bCVVbY2d3lb97kLTGrgZuQRDK" name="LFsY1deEqymfWPCupqY57fQe4">
<script type="text/javascript">
document.addEventListener("input", function(event) {
if (!event.target.closest("#comment")) return;
var captchaContainer = null;
captchaContainer = grecaptcha.render("recaptcha-submit-btn-area", {
"sitekey": "6LfsdrAaAAAAAMVKgei6k0EaDBTgmKv6ZQrG7aEs",
"theme": "standard"
});
});
</script>
<script src="https://www.google.com/recaptcha/api.js?hl=en&render=explicit" async="" defer=""></script>
<div id="recaptcha-submit-btn-area"> </div>
<noscript>
<style type="text/css">
#form-submit-save {
display: none;
}
</style>
<input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment">
</noscript><textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100" style="display: none !important;"></textarea><input type="hidden" id="ak_js" name="ak_js" value="1629505185280">
</form>GET https://threatpost.com/
<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
<input type="text" class="c-site-search__field" name="s" placeholder="Search">
<button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
</svg> Search</button>
<div class="c-site-search__overlay"></div>
</form>Text Content
Newsletter
SUBSCRIBE TO OUR THREATPOST TODAY NEWSLETTER
Join thousands of people who receive the latest breaking cybersecurity news
every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn
Park, Woburn, MA 01801. Detailed information on the processing of personal data
can be found in the privacy policy. In addition, you will find them in the
message confirming the subscription to the newsletter.
*
* *
*
* *
* I agree to my personal data being stored and used to receive the
newsletter
* *
* I agree to accept information and occasional commercial offers from
Threatpost partners
* Phone
This field is for validation purposes and should be left unchanged.
This iframe contains the logic required to handle Ajax powered Gravity Forms.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn
Park, Woburn, MA 01801. Detailed information on the processing of personal data
can be found in the privacy policy. In addition, you will find them in the
message confirming the subscription to the newsletter.
Threatpost
* Cloud Security
* Malware
* Vulnerabilities
* InfoSec Insiders
* Podcasts
*
*
*
*
*
*
*
Search
* InkySquid State Actor Exploiting Known IE BugsPrevious article
* How Ready Are You for a Ransomware Attack?Next article
CRITICAL CISCO BUG IN SMALL BUSINESS ROUTERS TO REMAIN UNPATCHED
Author: Tara Seals
August 19, 2021 4:34 pm
3 minute read
Write a comment
Share this article:
*
*
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that
have reached end-of-life.
A critical security vulnerability in Cisco Small Business Routers (RV110W,
RV130, RV130W and RV215W models) allows remote code execution (RCE) and denial
of service (DoS). The networking giant said that no patch or workaround will be
coming for the bug, since the routers reached end-of-life back in 2019.
The bug (CVE-2021-34730) is one of six addressed by Cisco this week; it also
issued an advisory for the critical BlackBerry QNX-2021-001 vulnerability
unveiled earlier this week (CVE-2021-22156), which affects multiple vendors,
well beyond Cisco.
PATCH DENIED: CRITICAL RCE FOR EOL GEAR
The critical router issue, which carries a base CVSS score of 9.8 out of 10,
affects the hardware’s Universal Plug-and-Play (UPnP) service, Cisco said. It
could allow an unauthenticated attacker to achieve RCE or cause an affected
device to restart unexpectedly.
“This vulnerability is due to improper validation of incoming UPnP traffic,”
according to the advisory. “An attacker could exploit this vulnerability by
sending a crafted UPnP request to an affected device. A successful exploit could
allow the attacker to execute arbitrary code as the root user on the underlying
operating system or cause the device to reload, resulting in a DoS condition.”
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers, which
reached end-of-life in September of 2019. Cisco stopped issuing bug fixes on
Dec. 1 of last year. Affected companies should look to update their hardware to
avoid compromise.
The other critical flaw addressed in the updates has to do with the BlackBerry
QNX-2021-001 bug disclosed this week, which allows threat actors to take over or
launch DoS attacks on devices and critical infrastructure. Essentially, the
known group of BadAlloc bugs tied to BlackBerry’s embedded QNX operating system
(OS) now affects older devices.
Cisco’s advisory simply states, “Cisco is investigating its product line to
determine which products and services may be affected by this vulnerability.” So
far, no products have been listed.
MEDIUM-SEVERITY SECURITY BUGS IN CISCO GEAR
The remaining five patches are all rated medium in severity, and affect products
from across Cisco’s portfolio. These bugs are:
* CVE-2021-34749: Server Name Identification (SNI) Data-Exfiltration
Vulnerability (Cisco Web Security Appliance (WSA), Cisco Firepower Threat
Defense (FTD), Snort Detection Engine)
* CVE-2021-1561: Spam Quarantine Unauthorized-Access Vulnerability (Cisco
Secure Email and Web Manager)
* CVE-2021-34734: Double-Free Denial-of-Service Vulnerability (Cisco Video
Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol)
* CVE-2021-34715: Image-Verification Vulnerability (Cisco Expressway Series and
TelePresence Video Communication Server)
* CVE-2021-34716: RCE Vulnerability (Cisco Expressway Series and TelePresence
Video Communication Server)
The first bug could allow an unauthenticated, remote attacker to bypass
filtering technology on an affected device to execute a command-and-control
attack on a compromised host and perform and exfiltrate data from a compromised
host. The advisory is an interim one, and Cisco said it was still investigating
which product versions are affected.
“This vulnerability is due to inadequate filtering of the SSL handshake,”
according to the advisory. “An attacker could exploit this vulnerability by
using data from the SSL client hello packet to communicate with an external
server.”
The spam-quarantine-related vulnerability affects Cisco Secure Email and Web
Manager releases earlier than Release 14.1. It could allow an authenticated,
remote attacker to gain unauthorized access and modify the spam quarantine
settings of another user, so that malicious messages could get through or
attackers could read messages.
“This vulnerability exists because access to the spam quarantine feature is not
properly restricted,” according to the advisory. “An attacker could exploit this
vulnerability by sending malicious requests to an affected system.”
The third bug exists in the Link Layer Discovery Protocol (LLDP) implementation
for Cisco Video Surveillance 7000 Series IP Cameras with firmware release
2.12.4. Exploitation could allow an unauthenticated, adjacent attacker to cause
a DoS condition.
“This vulnerability is due to improper management of memory resources, referred
to as a double free,” according to Cisco. “An attacker could exploit this
vulnerability by sending crafted LLDP packets to an affected device.”
The last two vulnerabilities exist in the Expressway and TelePresence products
and can be exploited by authenticated, remote attackers to execute code.
The first of these allows RCE with internal user privileges on the underlying
operating system; it affects users running a release earlier than the first
fixed release (the bug was introduced when support for validation of SHA512
checksums was introduced in Release X8.8).
The second allows RCE on the underlying operating system as the root user. It
affects releases earlier than the first fixed release if users are running
Release X8.6 or later.
Check out our free upcoming live and on-demand webinar events – unique, dynamic
discussions with cybersecurity experts and the Threatpost community.
Write a comment
Share this article:
* Vulnerabilities
SUGGESTED ARTICLES
HOW READY ARE YOU FOR A RANSOMWARE ATTACK?
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware
defense all companies should implement.
August 19, 2021
WINDOWS EOP BUG DETAILED BY GOOGLE PROJECT ZERO
Microsoft first dismissed the elevation of privilege flaw but decided yesterday
that attackers injecting malicious code is worthy of attention.
August 19, 2021
POSTMORTEM ON U.S. CENSUS HACK EXPOSES CYBERSECURITY FAILURES
Government says cybersecurity failures were many within failed January hack of
U.S. Census Bureau systems.
August 19, 2021
DISCUSSION
LEAVE A COMMENT CANCEL REPLY
Save my name, email, and website in this browser for the next time I comment.
Notify me when new comments are added.
This site uses Akismet to reduce spam. Learn how your comment data is processed.
INFOSEC INSIDER
* HOW READY ARE YOU FOR A RANSOMWARE ATTACK?
August 19, 2021
* KERBEROS AUTHENTICATION SPOOFING: DON’T BYPASS THE SPEC
August 18, 2021
* THE OVERLOOKED SECURITY RISKS OF THE CLOUD
August 17, 2021
1
* 5 STEPS TO IMPROVING RANSOMWARE RESILIENCY
July 23, 2021
2
* WHY YOUR BUSINESS NEEDS A LONG-TERM REMOTE SECURITY STRATEGY
July 20, 2021
1
Newsletter
SUBSCRIBE TO THREATPOST TODAY
Join thousands of people who receive the latest breaking cybersecurity news
every day.
Subscribe now
Twitter
Critics aren’t pleased with the T-Mobsketeers: “@TMobile left a gate left wide
open for attackers” & the 2-yr ID pr… https://t.co/AYtOXfLnHr
2 days ago
Follow @threatpost
NEXT 00:02 01:22 360p 720p HD 1080p HD Auto (360p) About Connatix V126868 Closed
Caption About Connatix V126868 1/1 Skip Ad Continue watching after the ad Visit
Advertiser website GO TO PAGE
SUBSCRIBE TO OUR NEWSLETTER, THREATPOST TODAY!
Get the latest breaking news delivered daily to your inbox.
Subscribe now
Threatpost
The First Stop For Security News
* Home
* About Us
* Contact Us
* Advertise With Us
* RSS Feeds
* Copyright © 2021 Threatpost
* Privacy Policy
* Terms and Conditions
* Advertise
*
*
*
*
*
*
*
TOPICS
* Black Hat
* Breaking News
* Cloud Security
* Critical Infrastructure
* Cryptography
* Facebook
* Government
* Hacks
* IoT
* Malware
* Mobile Security
* Podcasts
* Privacy
* RSAC
* Security Analyst Summit
* Videos
* Vulnerabilities
* Web Security
Threatpost
*
*
*
*
*
*
*
TOPICS
* Cloud Security
* Malware
* Vulnerabilities
* Privacy
Show all
* Black Hat
* Critical Infrastructure
* Cryptography
* Facebook
* Featured
* Government
* Hacks
* IoT
* Mobile Security
* Podcasts
* RSAC
* Security Analyst Summit
* Slideshow
* Videos
* Web Security
AUTHORS
* Tara Seals
* Tom Spring
* Lisa Vaas
THREATPOST
* Home
* About Us
* Contact Us
* Advertise With Us
* RSS Feeds
Search
*
*
*
*
*
*
*
InfoSec Insider
INFOSEC INSIDER POST
Infosec Insider content is written by a trusted community of Threatpost
cybersecurity subject matter experts. Each contribution has a goal of bringing a
unique voice to important cybersecurity topics. Content strives to be of the
highest quality, objective and non-commercial.
Sponsored
SPONSORED CONTENT
Sponsored Content is paid for by an advertiser. Sponsored content is written and
edited by members of our sponsor community. This content creates an opportunity
for a sponsor to provide insight and commentary from their point-of-view
directly to the Threatpost audience. The Threatpost editorial team does not
participate in the writing or editing of Sponsored Content.
We use cookies to make your experience of our websites better. By using and
further navigating this website you accept this. Detailed information about the
use of cookies on this website is available by clicking on more information.
ACCEPT AND CLOSE