Cisco released an updated security advisory warning of active scanning activity for a highly critical remote code execution (RCE) vulnerability in the web-based VPN management interface of Cisco RV110W, RV130W, and RV215W Routers.
The RCE vulnerability CVE-2019-1663 is rated critical and has a CVSS score of 9.8 (10 being the highest). Priority for patching should be high.
In the latest update released on March 6th, the Cisco’s incident response team warned it is now aware of ongoing active network scanning potentially targeting CVE-2019-1663. The advisory was first published February 27, 2019.
The RCE vulnerability impacts the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router and Cisco RV215W Wireless-N VPN Routers. Remote unauthenticated attackers could exploit the bug and execute arbitrary code on an affected device.
Cisco also issued 26 High severity security updates to address vulnerabilities in multiple products.
One notable update from the high risk patches released on Wednesday was for a denial of service vulnerability CVE-2018-0296 in the web interface of the Cisco Adaptive Security Appliance (ASA), previously disclosed publicly on June 6, 2018.
On March 5, 2019, Cisco’s Product Security Incident Response Team (PSIRT) warned of additional exploitation attempts of this vulnerability in the wild. Cisco reiterated a strong recommendation to upgrade to the latest version of ASA software to address the vulnerability.
Cisco patched two vulnerabilities (CVE-2019-1597 and CVE-2019-1598) that impact the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software. An unauthenticated, remote attacker could exploit this bug to cause an affected device to reload, resulting in a denial of service (DoS) condition.
Multiple other vulnerabilities in NX-OS, Nexus 9000 and other products were patched in the latest list of Cisco security advisories.