News Stay informed about the latest enterprise technology news and product updates.

Cisco provides patch for critical wireless router vulnerability

Cisco Systems has provided a security patch for an authentication vulnerability found in its Wireless N-VPN family of routers and firewall.

Cisco Systems Inc. provided updated firmware this week that addresses a severe vulnerability founds in its Wireless N-VPN family of small business routers, as well as its Wireless N-VPN firewall.

In a security advisory, Cisco explained that the wireless router vulnerability is the result of an "improper handling of authentication requests by the Web framework" and can be exploited remotely.

Though the networking giant is not aware of the flaw being actively exploited in the wild, Cisco urged companies to upgrade their Wireless N-VPN products to the latest firmware, warning that there are no current workarounds to mitigate the issue, and that a successful exploit would have dire consequences.

"Successful exploitation of the vulnerability may allow an attacker to gain full control of the affected device," Cisco said. "An attacker with full administrative access to the device can configure all the settings of the router through the Web-based administration user interface."

Gustavo Javier Speranza, an Argentina-based computer forensics investigator, originally reported the vulnerability to Cisco. In a full disclosure post on Neohapsis' website, Speranza explained that an attacker can gain admin access to a device simply by manipulating the POST data on the administration page, thereby effectively bypassing the login.

Cisco rated the vulnerability a 10, the highest severity level on the Common Vulnerability Scoring System, noting that an exploit can be launched relatively easily and would lead to a complete compromise of a device.

Dig Deeper on Network device security: Appliances, firewalls and switches

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.