Cisco Bungled RV320/RV325 Patches, Routers Still Exposed to Hacks (Mar 28, 2019)
Cisco recently released patches for two registered router vulnerabilities, "CVE-2019-1652" and "CVE-2019-1653," did not properly fix the vulnerabilities and can still allow threat actors to exploit them. The two vulnerabilities, which have been exploited in the wild, could allow an unauthorised remote actor to obtain sensitive router configuration information in models "RV320" and "RV325," as well as execute code without a password. The patch Cisco released only blacklisted "curl," a command-line tool for transferring data online, but still could allow an actor to use non-curl scanners and exploit tools to manipulate the vulnerabilities. The company has acknowledged the problem, but has yet to announce a timeline for the new patch.
Recommendation: This story depicts the importance of policies regarding the importance of applying security patches to network devices when they become available. Users and administrators should reboot the routers and install the necessary update as soon as possible. This story also highlights that organisations need to be thorough in fixing security issues and ensure their patches to vulnerabilities are comprehensive, before they are released.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.