Multiple Vulnerabilities in Cisco VPN Routers Could Allow for Arbitrary Code Execution.

DESCRIPTION:
Multiple vulnerabilities have been discovered in Cisco VPN Routers, the
most severe of which could allow for arbitrary code execution as the
root user of an affected device. These VPN routers are often used to
connect hosts through the router hardware, as opposed to individual
VPN installations on each device.

Successful exploitation of the most severe of these vulnerabilities
could allow for arbitrary code execution in the context of the root user
of an affected device. An attacker could then view, change, or delete
data and perform other unauthorized actions on the affected device.

IMPACT:
The vulnerabilities exist due to improper validation of HTTP requests to
the web-based management interfaces of the affected devices. An attacker
could exploit these vulnerabilities by sending a crafted HTTP request to
the web-based management interface of an affected device.

Details of the CVEs have not been released yet, but their IDs are as
follows:

* CVE-2021-1289
* CVE-2021-1290
* CVE-2021-1291
* CVE-2021-1292
* CVE-2021-1293
* CVE-2021-1294
* CVE-2021-1295

SYSTEMS AFFECTED:
* RV160 VPN Router w/firmware prior to Release 1.0.01.02
* RV160W Wireless-AC VPN Router w/firmware prior to Release 1.0.01.02
* RV260 VPN Router w/firmware prior to Release 1.0.01.02
* RV260P VPN Router with POE w/firmware prior to Release 1.0.01.02
* RV260W Wireless-AC VPN Router w/firmware prior to Release 1.0.01.02
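
As an added example (not part of the original advisory), the following Python script triages a device inventory against the affected models and the fixed release listed above. The CSV layout, hostnames and sample firmware versions are constructed for illustration, and the comparison assumes releases are dotted numeric strings compared field by field.

```python
# Added example: triage a device inventory against the affected list above.
import csv
import io

AFFECTED_MODELS = {"RV160", "RV160W", "RV260", "RV260P", "RV260W"}
FIXED_RELEASE = "1.0.01.02"  # first fixed release named in the advisory

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """hostname,model,firmware
branch-01,RV160,1.0.00.15
branch-02,rv260w,1.0.01.02
branch-03,RV260P,1.0.01.01
hq-edge,RV340,1.0.03.20
lab-01,RV160W,unknown
"""

def parse_release(text):
    """Turn '1.0.01.02' into (1, 0, 1, 2); return None if not dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return 'not-listed', 'vulnerable', 'fixed' or 'review' for one device."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"  # model is not named in this advisory
    release = parse_release(firmware)
    if release is None:
        return "review"  # unknown version on a listed model: check by hand
    return "vulnerable" if release < parse_release(FIXED_RELEASE) else "fixed"

def triage(inventory_csv):
    """Map hostname -> status for a CSV with hostname,model,firmware columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "review" are listed models whose firmware string could not be parsed and should be checked manually.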

RECOMMENDATIONS:
We recommend the following actions be taken:

* Apply appropriate updates provided by Cisco to vulnerable systems
immediately after appropriate testing.
* Block external access at the network boundary, unless external parties
require service.
* Apply the Principle of Least Privilege to all systems and services.

REFERENCES:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1295
