Cisco has released a security update for a Critical UPnP vulnerability in Small Business router models, as well as multiple vulnerabilities in other Cisco products.
An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.
Small Business routers
The Cisco update is for a Critical vulnerability, CVE-2021-34730 (CVSS score of 9.8), in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers.
Cisco warned the vulnerability “could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.”
Moreover, Cisco offered no patches or workarounds to address the vulnerability. Instead, users are urged to disable the UPnP service on both the LAN and WAN interfaces. The latter is disabled by default.
It is also worth noting the risk UPnP poses, given past cyberattacks that have targeted it, such as CallStranger, UPnProxy, Mirai, and Pinkslipbot malware, just to name a few.
Cyber experts also released best practices and lessons learned in guarding against Internet-of-Things (IoT) attacks that look to exploit UPnP vulnerabilities.
Other Cisco products
In addition, Cisco patched the following Medium-risk vulnerabilities in Cisco products on August 18:
- CVE-2021-34749: Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
- CVE-2021-1561: Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability
- CVE-2021-34734: Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Double-Free Denial of Service Vulnerability
- CVE-2021-34715: Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability
- CVE-2021-34716: Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability
- CVE-2021-1603, CVE-2021-1604, CVE-2021-1605, CVE-2021-1606, CVE-2021-1607: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
Readers can also check out Cisco’s security advisories page for more details on the most recent Cisco product vulnerabilities and mitigations.