Update your Cisco router immediately! Security researchers discovered multiple vulnerabilities in the firmware of Cisco small-business routers. These routers were embedded with the same encryption keys. Cisco only discovered the vulnerabilities after receiving reports from security researchers.
Specifically, two types of routers were impacted with the vulnerabilities: Cisco RV320 and RV325 Dual Gigabit WAN VPN routers. Three major vulnerabilities were found in these routers. The first is the existence of three static certificates and keys in the router. These include two X.509 certificates with their public/private keys and one static Secure Shell (SSH) host key. Fortunately, these certificates are used only for testing, however, the presence of them in the firmware is concerning.
Cisco called this an ‘oversight’, further saying
“The inclusion of these certificates and keys in shipping software was an oversight by the development team for these routers”.
Further, developers left the hardcoded password hash for the /etc/shadow file in the firmware of the routers. This means the router can easily be exploited by anyone with access to the base operating system, who could then get into the root access on the target device. Cisco has added that they are “not currently aware of a way to access the base operating system on these routers”
Third, several vulnerabilities were found in third-party software components. To address this issue, Cisco is planning to use the Cisco Security Vulnerability Policy to follow the Cisco process.
Cisco has released an updated firmware, which removes the statice certificates, keys, and the hardcoded user account. To update your Cisco router, go to Cisco.com and download the firmware from the software center. Follow these steps:
- “Click Browse all.
- Choose Routers > Small Business Routers > Small Business RV Series Routers.
- Choose a specific product from the right pane of the product selector.
- Click Small Business Router Firmware.”
Contact LIFARS Today
For Security Advisory Services