Network Security, Patch/Configuration Management, Vulnerability Management

Cisco warns of four unpatched vulnerabilities in firewall, two routers

Cisco Wednesday disclosed four vulnerabilities – one critical – in the web-based management interfaces of three products, including a firewall and two wireless routers (models RV110W, RV130W and RV215W).

The critical issue is an arbitrary code execution vulnerability resulting from insufficient sanitization of HTTP user-supplied input. Consequently, an unauthenticated attacker could send crafted HTTP requests to targeted systems in order to remotely execute code with root-level privileges. There are no workarounds or patches for the flaw at this time, though Cisco confirmed to SCMagazine.com that "a fix is under development and will be released in the near future." Disabling remote management capabilities also reduces the likelihood that this vulnerability can be exploited.

Cisco's three other advisories pertain to a cross-scripting vulnerability and two HTTP request buffer overflow vulnerabilities. The company said it plans to release firmware updates addressing these flaws in Q3 2016.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.