Zero-day vulnerability found on Cisco routers

Researchers from attack surface management company CyCognito have uncovered a significant cross-site scripting (XSS) vulnerability on the Web admin interface of Cisco small business router models RV042 and RV042G.

XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted Web sites. In this case, the vulnerability gives bad actors access to admin actions and sensitive information as well as the ability to phish for credentials and potentially move laterally, or deeper into the network.

The vulnerability was detected when CyCognito was mapping the attack surface of one of its customers that was using a small business router from Cisco. It gives malefactors a simple way to take control of a router administrator’s Web configuration utility, which would enable them to perform all admin actions, including viewing and modifying sensitive data, taking control of the router and gaining access to other systems.

CyCognito worked with Cisco to resolve the vulnerability and Cisco released a patch on 17 June and an Advisory on 1 July.

Following responsible disclosure processes, once the CyCognito platform discovered the Cisco vulnerability, it was disclosed to, and verified by, Cisco.

Alex Zaslavsky, CyCognito’s head of Security Research, says: “Commandeering a network router puts attackers in a prime position for intercepting company secrets and crucial data and to advance their attacks.”

According to him, attackers latch on to these vulnerabilities because they have such a wide range of uses, and can even be used to take over an account and impersonate the victim.

“A vulnerability in an admin configuration utility can be even more damaging as phished credentials can be used to try to gain access to other systems within a company’s infrastructure,” he adds.

Zaslavsky says CyCognito believes in ‘path of least resistance detection’ (POLaR). “This discovery highlights why preventing cyber attacks requires continuous attack surface monitoring, specifically using the concept of POLaR.”

Companies across the board must have the ability to discover the full extent of their attack surface, understand the business context of discovered assets, and detect and prioritise risks that attackers are most likely to target so they can be remediated first, he ends.
