Skip to main content

Have A Cisco SMB Firewall Or Router? Update Now

By June 30, 2016September 7th, 2021Blog, Technology News

Your Data at Risk

If you use a Cisco firewall or router to protect your digital assets, it’s time to check your equipment. Cisco recently released a security advisory that covers three of its popular, widely used pieces of equipment:

  • The RV 110W Wireless-N VPN Firewall
  • The RV 130W Wireless-N Multifunction VPN Router
  • The RV 215W Wireless-N VPN Router

If you’re using any of these, then brace for impact. The company has found two key security flaws that put you, your company, and your data at risk.

How Hacking Takes Place

The first and most threatening is a vulnerability that allows hackers to send HTTP requests to your device, loaded with custom user data. When they do, they’ll gain root-level control on your system that can lead to a complete compromise.

The second (listed as medium-severity by Cisco) is a cross-site scripting flaw (XSS) which could allow a hacker to execute an arbitrary script to “trick” your equipment into allowing them to view sensitive browser-based information. In addition to these, two other medium-severity buffer overflows were found, which, if exploited, could result in devastating DoS (denial of service) attacks on your system.

In other words, the news is about as bad as it could possibly get, but there’s more. Until a patch is issued, there’s really no good way to guard against the threats that these security flaws represent, and according to Cisco, the soonest we can expect to see a patch to address these flaws will be sometime in the 3rd quarter of this year.

Solution

Under normal circumstances, the quick and easy solution would be to disable remote management of these devices, and in so doing, eliminate the threat that the security flaws represent, but the presence of the XSS flaw makes that approach unworkable. The hackers could simply use that to get around the fact that you’ve disabled remote management, leaving you with few good options until Cisco releases their patches.

Jason Manteiga

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.

Leave a Reply