SDxCentral | March 05, 2019
Hackers this week took advantage of online instructions to target some Cisco WiFi routers. The attacks come on the heels of the vendor issuing a software patch for the critical security vulnerabilities. The attacks occurred after security research firm Pen Test Partners posted a blog containing demonstration code on how to exploit the routers. The firm was involved in initially finding the vulnerability.

Cisco noted that the vulnerability occurs in the web-based management interface of three routers: RV110W, RV130W and RV215W. It reportedly impacts about 12,000 devices in the U.S., Canada, India, Argentina, Poland, and Romania. The vulnerability, known as a Remote Command Execution (RCE) vulnerability, was ranked as “critical” by Cisco, with a 9.8 score (out of a possible 10) on the Common Vulnerability Scoring System. The high rating reflects how easily the devices can be attacked remotely over the internet, even by hackers without advanced coding skills. An unauthenticated remote attacker could use the vulnerability to execute arbitrary code, Cisco explained. It isn’t clear from Cisco’s report how attackers might take advantage of such access, but they presumably would be able to monitor secure personal data including passwords.

Known Vulnerability: Three security researchers, including one from Pen Test Partners, announced the vulnerability at the GeekPwn Shanghai conference in late October. They didn’t provide technical details or mention the impacted products at the time, although Cisco thanked them for their work.

In its blog post, Pen Test Partners criticized Cisco coders for using an insecure function in the C programming language known as strcpy (shorthand for “string copy”) when the routers were first designed. Using strcpy left the authentication process in the routers open to a buffer overflow, allowing attackers to flood the password field and attach malicious commands.
“It is well known – notorious even – that strcpy is a dangerous function to use,” the blog said. That blog entry, which was posted on Feb. 28, included code describing how an attack could happen.
SDxCentral | February 21, 2019
As usual, the Cisco Mobile Visual Networking Index points to huge increases in the amount of data being trafficked through networks. And, as usual, it’s a master class in exotic numbers. The report, which covers the 2017-2022 time frame, says that the annual run rate of mobile internet traffic will reach almost a zettabyte by the end of that period. Also by 2022, mobile will make up almost 20 percent of local IP traffic. That’s almost 113 times the amount that mobile traffic generated in 2012.

“This Mobile VNI clearly shows that the growing demand for wireless networking is not just a preference (not wanting to be tethered to a landline), but for many it’s an expectation that some form of wireless access (cellular or Wi-Fi) needs to be available and of a suitable performance quality to meet their needs,” Thomas Barnett, director of thought leadership for Cisco’s Service Provider business, told SDxCentral in an email. “Consumers and businesses rely on mobile connectivity not only for their personal devices, but also for a growing number of IoT applications that will expand and evolve as the 5G ecosystem takes shape (more apps, content, analytics, security, et al.)”

Cisco has amassed the massive amount of data that comprises the VNI for more than a decade. This is the ninth mobile edition, which relies in part on data from a number of consultancies, regulators and other organizations. The latest wired VNI was released last November. The report says the number of mobile users will increase from 5 billion to 5.7 billion users, mobile connections from 8.6 billion to 12.3 billion, and average network speed from 8.7 Mbps to 28.5 Mbps, between 2017 and 2022. Video, which was 59 percent of traffic in 2017, will be 79 percent in 2022.
SecurityWeek | February 21, 2019
Cisco this week released patches for more than a dozen vulnerabilities across its product portfolio, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance.

Two High risk security bugs were addressed in HyperFlex software, namely a command injection issue in the cluster service manager of the application, and an unauthenticated root access flaw in the hxterm service of the software. Created by insufficient input validation and insufficient authentication controls, respectively, the vulnerabilities could allow an attacker to run commands as the root user or gain root access to all member nodes of the HyperFlex cluster. Tracked as CVE-2018-15380 and CVE-2019-1664, both vulnerabilities were found to impact HyperFlex software releases prior to 3.5(2a).

Another High severity bug that Cisco addressed this week is a certificate validation bug in the Identity Services Engine (ISE) integration feature of Prime Infrastructure (PI). An unauthenticated, remote attacker could exploit the flaw to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. Tracked as CVE-2019-1659, the issue is created by improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. The flaw impacts Prime Infrastructure Software releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default.

Another High risk bug was found in the Quality of Voice Reporting (QOVR) service of Prime Collaboration Assurance (PCA) Software releases prior to 12.1 SP2. Tracked as CVE-2019-1662 and created due to insufficient authentication controls, the issue could allow an unauthenticated, remote attacker to access the system as a valid user.