Cisco waves swatter at ten new vulnerabilities

It's 2017, and UPnP is still a critical attack vector

Reg comments Got Tips?

Universal Plug-and-Play remains a gift-that-keeps-on-giving for infosec researchers, with Cisco announcing a critical vulnerability in the software that plagues its CVR100W wireless VPN router.

Because the CVR100W doesn't fully range-check UPnP input data, an attacker can crash the device, possibly getting access to a root shell.

Cisco's advisory says: “This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release”.

The bug was reported by GeekPwn and has been patched.

Switchzilla's Wednesday patchfest this week also includes three security vulnerabilities given a high rating:

  • A denial-of-service bug in routers running IOS XR: the Event Management Service Daemon has a bug in gRPC request handling that can be exploited to crash the unit;
  • TelePresence has a “ping of death” bug in its ICMP packet ingress processing, on both IPv4 and IPv6 traffic;
  • Aironet 1800, 2800 and 3800 access points have a plug-and-play vulnerability. While PNP can be crashed through to a root shell, PNP is only active on unconfigured devices.

There are also medium-rated bugs in Cisco's Wide Area Application Services; the FirePOWER module in Firepower Threat Defense and ASA; its Unified Contact Center Enterprise Finesse notification service; the access control list for CVR100W wireless routers; the Unity Connection voicemail system; and Call Manager Express. ®


Biting the hand that feeds IT © 1998–2020