Cyber Security News

Over 19,000 End-of-life Cisco VPN Routers Open for RCE Attacks

Censys recently reported that 19,500 end-of-life Cisco VPN routers used by individuals and small businesses are reachable on the internet and may be at risk of being targeted by a new attack.

By combining two vulnerabilities, threat actors have been able to evade authentication and execute arbitrary commands on the underlying operating system of Cisco Small Business routers.

Routers Affected by the Vulnerability

Four Cisco Small Business routers are affected by this vulnerability:

  • RV016
  • RV042
  • RV042G
  • RV082

Top Countries Running a Vulnerable Cisco Device

The top ten countries currently running a vulnerable Cisco device are:

  • United States: 4,594
  • Canada: 1,748
  • India: 1,508
  • Brazil: 1,355
  • Poland: 1,314
  • Argentina: 1,156
  • Thailand: 806
  • Mexico: 535
  • Colombia: 489
  • China: 446

Thousands of Vulnerable Routers

There is a critical severity vulnerability in routers that allows unauthenticated attackers to bypass the authentication process and gain root access. This vulnerability can be exploited remotely by sending specially crafted HTTP requests to the router’s web-based management interface. 

Gaining root access means that the attacker has complete control over the router and can make changes, access sensitive information, and potentially use the router as a pivot point to attack other devices on the network. 

Cisco affirmed that even though end-of-life devices will no longer receive security updates, users can still take steps to protect them from attacks.

Recommendation

A recommended solution is to disable the web-based management interface and block access to ports 443 and 60443. Doing so would prevent any exploitation attempts on the device.

To do so, follow these steps:

  • Log into each vulnerable router’s web-based management interface.
  • Go to Firewall.
  • Go to General.
  • Uncheck the Remote Management check box.

In the event the above mitigations are implemented, the affected routers will still be accessible via the LAN interface and could still be configured.
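To confirm the mitigation took effect, the check below audits an inventory for the four affected models and tests whether ports 443 and 60443 still answer on each WAN address. It is an added example, not code from Cisco or Censys. The inventory columns, function names and sample addresses are assumptions made for illustration, and the live probe is meant to be run from a host outside the LAN.

```python
import csv
import io
import socket

AFFECTED_MODELS = {"RV016", "RV042", "RV042G", "RV082"}  # models listed in the article
MGMT_PORTS = (443, 60443)                                # ports the article says to block

# Constructed sample inventory (documentation-range addresses, hypothetical columns).
SAMPLE_INVENTORY = """name,model,wan_ip
branch-a,RV042,192.0.2.10
branch-b,rv042g,192.0.2.20
hq-edge,OTHER-MODEL,198.51.100.5
warehouse,RV082,203.0.113.7
"""

def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds (live probe)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory_csv, probe=port_open):
    """Report affected models and which management ports still answer on the WAN side."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        if model not in AFFECTED_MODELS:
            continue  # not one of the four end-of-life models
        host = row["wan_ip"].strip()
        open_ports = [p for p in MGMT_PORTS if probe(host, p)]
        findings.append({
            "name": row["name"].strip(),
            "model": model,
            "wan_ip": host,
            "open_ports": open_ports,
            "status": "EXPOSED" if open_ports else "mitigated",
        })
    return findings

if __name__ == "__main__":
    # Offline demo: a constructed probe result table stands in for live connections.
    simulated = {("192.0.2.10", 443), ("203.0.113.7", 60443)}
    for f in audit(SAMPLE_INVENTORY, probe=lambda h, p: (h, p) in simulated):
        print(f"{f['name']:<10} {f['model']:<7} {f['wan_ip']:<13} {f['status']:<9} {f['open_ports']}")
    # For a live check, call audit(your_inventory_csv) with the default probe.
```

A router reported as "mitigated" here only shows that the two ports did not accept a TCP connection from the probing host; LAN-side management remains reachable, as noted above.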

A few more security measures recommended by the experts:

  • A new risk for this CVE will be available to Censys ASM customers.
  • On me.censys.io, users can view the services that are exposed over the internet by the host they are on.
  • Use Censys search to find hosts with matching model numbers.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
