A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote malicious user to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to the VPN from an affected device with crafted credentials. A successful exploit could allow the malicious user to bypass authentication and access the IPSec VPN network. The attacker may obtain privileges that are the same level as an administrative user, depending on the crafted credentials that are used. Cisco has not released software updates that address this vulnerability.
Vulnerable Product |
---|
cisco rv110w_firmware 1.0.3.55 |
cisco rv110w_firmware 1.2.2.8 |
cisco rv110w_firmware 1.3.1.7 |
cisco rv130_firmware 1.0.3.55 |
cisco rv130_firmware 1.2.2.8 |
cisco rv130_firmware 1.3.1.7 |
cisco rv130w_firmware 1.0.3.55 |
cisco rv130w_firmware 1.2.2.8 |
cisco rv130w_firmware 1.3.1.7 |
cisco rv215w_firmware 1.0.3.55 |
cisco rv215w_firmware 1.2.2.8 |
cisco rv215w_firmware 1.3.1.7 |
Nothing like an authentication bypass for your private IPSec network
Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers. Those small-biz routers – the RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router – have reached their end-of-life (EoL) and the networking vendor is recommending customers upgrade to devices that aren't vulnerable. To give you an idea of the potential ...