Zero-day vulnerability affects Cisco small business routers

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.

This vulnerability affects the following Cisco Small Business RV Series Routers if they have UPnP configured:

RV110W Wireless-N VPN Firewalls
RV130 VPN Routers
RV130W Wireless-N Multifunction VPN Routers
RV215W Wireless-N VPN Routers

Cisco has not and will not release software updates to address this vulnerability, as "there are no workarounds that address this vulnerability," Cisco says. However, administrators may disable the affected feature.

"The new UPnP vulnerabilities found in the Cisco Small Business line of routers should be taken seriously by network security teams. Exposure should be identified and prioritized based on contextualized business risk," says Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation. "Based on this measure of risk, steps to mitigate the threat should be taken to protect the business."

Zach Varnell, Senior AppSec Consultant at nVisium, a Falls Church, Virginia-based application security provider, explains, "These are very popular Cisco devices, and it's extremely common for said devices to rarely — or never — receive updates. Users tend to want to leave well enough alone and not touch a device that's been working well — including when it needs important updates. Many times, users also take advantage of plug-and-play functionality, so they do very little or zero configuration changes, leaving the device at its default status and ultimately vulnerable."

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.

ON DEMAND: Apple Mac computer use is growing in the corporate space. Having the solutions and the knowledge base to respond to events that include Mac computers is just as important as their Windows counterparts.