Cisco has patched critical vulnerabilities in a range of its small business routers and WLAN controllers which, if exploited, could not only cause denial-of-service conditions but also compromise the confidentiality, integrity and availability of devices.
“A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device,” notes Cisco in its security advisory.
Cisco said the vulnerability stems from the way the web framework handles authentication requests, and that an attacker could exploit it by intercepting, modifying and resubmitting the authentication request.
“Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device.”
Cisco has assigned the vulnerability a score of 10, the highest rating the networking giant has ever given a vulnerability.
Cisco says it is not aware of any instances in which the vulnerability has been publicly exploited.
If you have one of the affected devices installed in your infrastructure, head to the security advisory listing and download the updated firmware.