2023年1月17日

受影響的小型企業路由器仍在廣泛使用。四個Cisco小型企業路由器中的多個漏洞可能允許遠程攻擊者繞過身份驗證或在受影響的設備上執行任意命令。在思科小型企業RV016、RV042、RV042G和RV082路由器的基於web的管理界麵中發現了安全漏洞。思科尚未發布軟件更新來解決這些漏洞。此外，沒有變通辦法或臨時修複。思科在警告中說，這個漏洞是由於對傳入HTTP數據包中的用戶輸入進行了不恰當的驗證。攻擊者可以通過向基於web的管理界麵發送精心製作的HTTP請求來利用此漏洞。成功的利用可以允許攻擊者繞過身份驗證並獲得底層操作係統的根訪問權。思科向我們發送了以下聲明:“思科致力於提高透明度，並遵循完善的披露流程，公開報告我們產品中的安全漏洞。進入生命終結過程的產品已經定義了接收軟件維護版本或錯誤修複的結束日期。 The Cisco small business RV Series routers described in the security advisory have entered the end-of-life process, and software maintenance support has ended as of Jan. 29, 2021. Please refer to the specific security advisory and end-of-life announcement for the latest information.” Casey Ellis is Bugcrowd ‘s founder and CTO. He said “this is critical.” Bugcrowd’s Casey Ellis “SMB routers are very widely deployed,” he said. “And in a post COVID-19 hybrid/work-from-home world, it’s not just an SMB problem. Branch offices, centers of excellence (COEs) and even home offices are potential users of the vulnerable product. Financially motivated attackers would be interested because of the raw quantity of these devices that are out there. And nation-states would likely pay attention because of the size and criticality of potential users.” On top of this, it’s an attractive target from a technical point of view, Ellis said. “As an attacker, if you manage to get remote code execution (RCE) on core routing or network infrastructure, your ability to move laterally increases exponentially,” he said. Affected Cisco Small Business Routers Widely Used Despite End of Life Mike Parkin is senior technical engineer at Vulcan Cyber . Vulcan Cyber’s Mike Parkin “The Cisco small business routers affected by these vulnerabilities still see reasonably widespread usage, though they are all officially end of life,” he said. “The challenge will be that these devices are typically found in small businesses with limited resources or used by individuals who may not have the budget to replace them. Unfortunately for them, Cisco is not going to fix this. So anyone who still has one of these in service should strongly consider replacing them with a newer kit sooner rather than later. This applies to any world-facing kit that’s past its end of life.” John Bambenek is principal threat hunter at Netenrich . Netenrich’s John Bambaneck “It’s always a best practice not to allow remote administration of network devices accessible from the open internet,” he said. “However, small business using some MSP/MSSPs have to leave it open for their service providers. That said, this is the worst of all worlds with proof of concept (POC) code publicly available and no mitigations or patches available.”