
Cyberattack campaign against various Cisco router models

The attacks began two days after the company corrected a critical vulnerability

Cisco recently patched a critical vulnerability in several of its router models. However, according to network security and ethical hacking specialists from the International Institute of Cyber Security, only two days after the corrections were implemented, hacker groups began conducting scans and launching attacks to exploit the vulnerability and take control of non-updated devices.

The vulnerability, CVE-2019-1663, gained notoriety after being publicly disclosed during the last week of February, receiving a score of 9.8/10 on the Common Vulnerability Scoring System (CVSS) scale.

According to network security experts, the vulnerability scored so high because it is easy to exploit and requires no advanced coding skills. In addition, the flaw bypasses the entire authentication process, and a router can be attacked remotely.

The affected router models include the Cisco RV110, RV130 and RV215, used mainly in households and small businesses. Users of these devices are often unfamiliar with any updating policy, so it is normal for hackers to find vulnerable devices even after Cisco corrected the bug. According to experts in network security, about 12,000 of these devices are in operation, and they are very easy to find with tools like Shodan.

Some members of the cybersecurity community claim that this vulnerability was caused by negligence on the part of Cisco's developers, who used a function considered insecure (known as string copy).

The experts explained that the use of this function exposed the routers' authentication mechanism to a buffer overflow, which allowed attackers to inject commands that were executed with administrator privileges during the authentication process.
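The bug class described above, shown as an added example that is not Cisco's firmware code: an unbounded string copy into a fixed buffer beside a length-checked replacement. The function names, the 64-byte buffer size and the return codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PWD_MAX 64  /* assumed buffer size, not taken from any firmware */

/* Unsafe pattern: copies until the NUL byte, whatever the destination size.
 * Any src of PWD_MAX characters or more writes past the end of dst. */
void copy_password_unsafe(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened form: measure before copying and reject over-long input
 * instead of truncating it silently. Returns 0 on success, -1 on reject. */
int copy_password_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {            /* no room for the string plus its NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical login handler: an over-long field fails the request
 * before any credential processing happens. */
int handle_login(const char *submitted) {
    char pwd[PWD_MAX];
    if (copy_password_checked(pwd, sizeof pwd, submitted) != 0)
        return 400;               /* reject the request */
    return 200;                   /* credential comparison would follow */
}

int main(void) {
    char long_input[4 * PWD_MAX]; /* constructed over-long field */
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';
    printf("short input -> %d\n", handle_login("hunter2"));
    printf("long input  -> %d\n", handle_login(long_input));
    return 0;
}
```

Rejecting the request rather than truncating keeps an authentication handler from comparing against a partial value.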

The manufacturer recommends that users of these devices apply the updates as soon as possible. If users believe their router could have been compromised, it is advisable to update the firmware, the experts mention.
