
Multiple Vulnerabilities in Cisco VPN Routers Could Allow for Arbitrary Code Execution.

MS-ISAC ADVISORY NUMBER:

2021-019

DATE(S) ISSUED:

02/03/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Cisco VPN Routers, the most severe of which could allow for arbitrary code execution as the root user of an affected device. These VPN routers are often used to connect hosts via the router hardware as opposed to individual installations on each device.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the root user of an affected device. An attacker could then view, change, or delete data and perform other unauthorized actions on the affected device.

THREAT INTELLIGENCE:

There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • RV160 VPN Router w/firmware prior to Release 1.0.01.02
  • RV160W Wireless-AC VPN Router w/firmware prior to Release 1.0.01.02
  • RV260 VPN Router w/firmware prior to Release 1.0.01.02
  • RV260P VPN Router with POE w/firmware prior to Release 1.0.01.02
  • RV260W Wireless-AC VPN Router w/firmware prior to Release 1.0.01.02

RISK:

Government:
  • Large and medium government entities: MEDIUM
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: MEDIUM
  • Small business entities: HIGH
Home Users: LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Cisco VPN Routers, the most severe of which could allow for arbitrary code execution as the root user of an affected device. The vulnerabilities exist due to improper validation of HTTP requests to the web-based management interfaces of the affected devices. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device.

Details of the CVEs have not been released yet, but their IDs are as follows:

  • CVE-2021-1289
  • CVE-2021-1290
  • CVE-2021-1291
  • CVE-2021-1292
  • CVE-2021-1293
  • CVE-2021-1294
  • CVE-2021-1295

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the root user of an affected device. An attacker could then view, change, or delete data and perform other unauthorized actions on the affected device.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Cisco to vulnerable systems immediately after appropriate testing.
  • Block external access at the network boundary, unless external parties require service.
  • Apply the Principle of Least Privilege to all systems and services.
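To find which devices in a fleet still need the update, the affected-model list and fixed release above can be checked against an inventory export. This is an added example, not part of the advisory or of any Cisco or CIS tooling; the CSV column names, hostnames, the `EXAMPLE-RTR` model and the firmware strings in the sample are constructed.

```python
import csv
import io

# Taken from the advisory's SYSTEMS AFFECTED list.
AFFECTED_MODELS = {"RV160", "RV160W", "RV260", "RV260P", "RV260W"}
FIXED_RELEASE = "1.0.01.02"

def parse_release(text):
    """Turn '1.0.01.02' into (1, 0, 1, 2) so each field compares numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown-version'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    try:
        current = parse_release(firmware)
    except ValueError:
        return "unknown-version"  # cannot be cleared automatically; review by hand
    fixed = parse_release(FIXED_RELEASE)
    # Pad the shorter tuple with zeros so '1.0.1' and '1.0.01.02' are comparable.
    width = max(len(current), len(fixed))
    current += (0,) * (width - len(current))
    fixed += (0,) * (width - len(fixed))
    return "affected" if current < fixed else "fixed"

def triage(inventory_csv):
    """Map hostname -> status for every row of an inventory CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["model"], r["firmware"]) for r in rows}

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = """hostname,model,firmware
branch-gw-01,RV160,1.0.00.17
branch-gw-02,rv260w,1.0.01.02
branch-gw-03,RV260P,1.0.01.10
branch-gw-04,RV160W,
lab-rtr-01,EXAMPLE-RTR,1.0.00.01
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown-version` should be treated as unpatched until the firmware release is confirmed on the device.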

REFERENCES:
