Cisco Systems Inc. provided updated firmware this week that addresses a severe vulnerability founds in its Wireless...
N-VPN family of small business routers, as well as its Wireless N-VPN firewall.
In a security advisory, Cisco explained that the wireless router vulnerability is the result of an "improper handling of authentication requests by the Web framework" and can be exploited remotely.
Though the networking giant is not aware of the flaw being actively exploited in the wild, Cisco urged companies to upgrade their Wireless N-VPN products to the latest firmware, warning that there are no current workarounds to mitigate the issue, and that a successful exploit would have dire consequences.
"Successful exploitation of the vulnerability may allow an attacker to gain full control of the affected device," Cisco said. "An attacker with full administrative access to the device can configure all the settings of the router through the Web-based administration user interface."
Gustavo Javier Speranza, an Argentina-based computer forensics investigator, originally reported the vulnerability to Cisco. In a full disclosure post on Neohapsis' website, Speranza explained that an attacker can gain admin access to a device simply by manipulating the POST data on the administration page, thereby effectively bypassing the login.
Cisco rated the vulnerability a 10, the highest severity level on the Common Vulnerability Scoring System, noting that an exploit can be launched relatively easily and would lead to a complete compromise of a device.