Trending CVEs for the Week of January 28th, 2019
- Jan 30, 2019
- Shawn Evans
This week’s most talked-about vulnerability is CVE-2019-1653, an information disclosure vulnerability affecting the web-based management interface of Cisco Small Business RV320 and RV325 routers. It could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. It was discovered and privately disclosed to Cisco by the German security firm RedTeam Pentesting, along with a remote command injection flaw, CVE-2019-1652. The two vulnerabilities can be combined to allow a remote attacker to take full control of an affected Cisco router.
Both vulnerabilities were published in the NVD on 01/24/2019, where they are currently awaiting analysis (no CVSS score). The Cisco Security Advisories list CVSS Base Scores of 7.5 and 7.2 for CVE-2019-1653 and CVE-2019-1652, respectively.
According to Cisco Security Advisories:
Security researcher David Davidson published a proof-of-concept exploit for the two vulnerabilities on GitHub. The exploit retrieves configuration details using CVE-2019-1653 and then uses CVE-2019-1652 to execute arbitrary commands and gain complete control of the affected device.
Researchers from cybersecurity firm Bad Packets have found over 9,000 vulnerable Cisco routers worldwide, most of which are located in the United States. They have shared an interactive map of these routers. Bad Packets also reported that its honeypots have detected network scanning activity for vulnerable routers from multiple hosts, suggesting that hackers are actively trying to exploit these flaws to take full control of the vulnerable routers.
Cisco has released free software updates that address the two vulnerabilities described above:
Cisco Security Advisory for CVE-2019-1653