New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide - World of Tech Science


Monday 28 January 2019


If your organization's connectivity and security rely on the Cisco RV320 or RV325 Dual Gigabit WAN VPN router, then you need to immediately install the latest firmware update released by the vendor last week.


Cyber attackers have been actively exploiting two newly patched high-severity router vulnerabilities in the wild after proof-of-concept exploit code for them was released on the Internet last weekend.


The vulnerabilities in question are a command injection flaw (assigned CVE-2019-1652) and an information disclosure flaw (assigned CVE-2019-1653); combined, they could allow a remote attacker to take full control of an affected Cisco router.


The first issue affects RV320 and RV325 Dual Gigabit WAN VPN routers running firmware versions 1.4.2.15 through 1.4.2.19, and the second affects firmware versions 1.4.2.15 and 1.4.2.17, according to Cisco's advisory.



Both vulnerabilities, discovered and responsibly reported to the company by German security firm RedTeam Pentesting, reside in the web-based management interface used for the routers and are remotely exploitable.



CVE-2019-1652 - Allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands on the affected system.
CVE-2019-1653 - This flaw does not require any authentication to access the router's web-based management portal, allowing attackers to obtain sensitive information, including the router's configuration file, which contains MD5-hashed credentials and diagnostic information.

The PoC exploit code published on the Internet for Cisco RV320/RV325 routers first uses CVE-2019-1653 to retrieve the configuration file from the router and obtain its hashed credentials, and then exploits CVE-2019-1652 to execute arbitrary commands and gain complete control of the affected device.


Researchers from cybersecurity firm Bad Packets said they found at least 9,657 Cisco routers (6,247 RV320 and 3,410 RV325) worldwide that are vulnerable to the information disclosure vulnerability, most of which are located in the United States.


The firm shared an interactive map showing all vulnerable RV320/RV325 Cisco routers, spread across 122 countries and the networks of 1,619 unique Internet service providers.


Bad Packets said that its honeypots have detected opportunistic scanning activity for vulnerable routers from many hosts since Saturday, suggesting that hackers are actively trying to exploit the flaws to take full control of vulnerable routers.


The best way to protect yourself from becoming a target of such an attack is to install Cisco RV320 and RV325 Firmware Release 1.4.2.20 as soon as possible.


Administrators who have not yet applied the firmware update are strongly advised to change their router's admin and WiFi credentials, on the assumption that they are already compromised.
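The affected firmware ranges and the fixed release given above, turned into an inventory check. This is an added example, not code from Cisco, RedTeam Pentesting, Bad Packets or this article; the CSV layout, hostnames, sample firmware strings and function names are assumptions.

```python
import csv
import io
import re

FIXED = (1, 4, 2, 20)                                  # fixed release named in the article
AFFECTED_MODELS = {"RV320", "RV325"}
CMD_INJECTION_RANGE = ((1, 4, 2, 15), (1, 4, 2, 19))   # CVE-2019-1652: 1.4.2.15 through 1.4.2.19
INFO_DISCLOSURE_SET = {(1, 4, 2, 15), (1, 4, 2, 17)}   # CVE-2019-1653: 1.4.2.15 and 1.4.2.17

def parse_version(text):
    """Turn '1.4.2.17' into (1, 4, 2, 17); return None unless it is four dotted integers."""
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){3}", text.strip()):
        return None
    return tuple(int(p) for p in text.strip().split("."))

def triage(model, firmware):
    """Return (cves, action) for one device. Versions the article does not list are
    never reported as safe unless they are at or above the fixed release."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return [], "not an RV320/RV325"
    version = parse_version(firmware)
    if version is None:
        return [], "unknown firmware string, check manually"
    cves = []
    if CMD_INJECTION_RANGE[0] <= version <= CMD_INJECTION_RANGE[1]:
        cves.append("CVE-2019-1652")
    if version in INFO_DISCLOSURE_SET:
        cves.append("CVE-2019-1653")
    if cves:
        return cves, "install 1.4.2.20 and change admin and WiFi credentials"
    if version < FIXED:
        return [], "outside the listed ranges but older than 1.4.2.20, check the advisory"
    return [], "at or above 1.4.2.20"

def triage_inventory(csv_text):
    """Triage every row of a 'host,model,firmware' CSV export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["model"], r["firmware"]) for r in rows}

# Constructed sample inventory (hostnames and the non-RV32x row are hypothetical).
SAMPLE = """host,model,firmware
branch-a,RV320,1.4.2.15
branch-b,RV325,1.4.2.19
branch-c,rv320,1.4.2.20
branch-d,RV325,v1.4.2.17
branch-e,RV340,1.0.0.1
"""
if __name__ == "__main__":
    for host, (cves, action) in triage_inventory(SAMPLE).items():
        print(f"{host}: {', '.join(cves) or 'none'} -> {action}")
```

A firmware string that does not parse (such as the constructed `v1.4.2.17` row) is flagged for manual review instead of being treated as unaffected.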
