Cisco wireless firewall devices vulnerable to SQL injection

Jan 29, 2016 23:50 GMT

When a company has thousands of different products and services, as Cisco does, a critical security bug is bound to pop up here and there, but to Cisco's credit, the company is quite adept at detecting issues and fixing them with timely firmware updates.

One of the most recent security updates the company put out addresses a severe issue in its Cisco RV220W Wireless Network Security Firewall devices.

The issue (CVE-2015-6319) is a flaw in the device's admin authentication procedures. If the remote management feature is turned on, the device is vulnerable to executing SQL statements embedded within an HTTP request.

The root cause was insufficient input validation of HTTP requests. An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program caught wind of this and tested the authentication interface for specific attack vectors.

SQL injection via the Cisco device's admin panel login

The researcher discovered that by manipulating the HTTP request's header and adding his own brew of malicious SQL code, he could bypass the authentication procedures and have the device execute that code.

Depending on the attacker's skill level, the device was prone to full takeover, with the attacker gaining admin rights on it.

The vulnerability received a severity score of 10 out of 10, meaning the attack was easy to carry out, even by less skilled users.

CVE-2015-6319 affects all Cisco RV220W Wireless Network Security Firewall devices running firmware releases 1.0.7.1 and earlier. Version 1.0.7.2 fixes the issue.

In case sysadmins can't update their devices yet for technical or bureaucratic reasons, Cisco advises them to disable the device's remote management feature, or to limit access to the interface's Web panel.

This latter step is carried out via the device's settings panel, which allows admins to restrict access to the device's dashboard with IP-based rules.
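To make concrete both the flaw described above (request values spliced into a login query) and the two workarounds Cisco recommends (disabling remote management, or restricting it by IP), here is a small added illustration in Python. It is not Cisco's code and says nothing about the RV220W's real firmware; the in-memory SQLite user table, the credentials, the 10.0.0.0/24 management allowlist and the client addresses are all constructed for the example, and the `username`/`password` arguments stand in for values a login handler would pull out of an HTTP request.

```python
import ipaddress
import sqlite3

# Constructed in-memory credential store standing in for the device's user database.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse', 'admin')")
    conn.commit()
    return conn


def login_concat(conn, username, password):
    """Vulnerable pattern: request values are pasted into the SQL text, so a quote
    character in the input changes the structure of the query itself."""
    query = ("SELECT role FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_param(conn, username, password):
    """Hardened pattern: the driver binds the values as parameters, so whatever the
    request contains is compared as data and can never become SQL syntax."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed allowlist: only this management subnet may reach the admin panel.
MANAGEMENT_ALLOWLIST = [ipaddress.ip_network("10.0.0.0/24")]


def remote_management_allowed(client_ip):
    """IP-based rule of the kind the article describes: reject anything off-list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in MANAGEMENT_ALLOWLIST)


def handle_login(conn, client_ip, username, password, remote_management=True):
    """Login path with both workarounds applied in front of the parameterized query.
    Returns the role on success, None on any refusal."""
    if not remote_management:          # feature disabled: nothing reachable from outside
        return None
    if not remote_management_allowed(client_ip):
        return None                    # outside the IP rules: never touches the database
    return login_param(conn, username, password)


if __name__ == "__main__":
    db = build_db()
    # A classic tautology string (constructed) shows why concatenation is unsafe:
    # the concatenated query ends up as  ... AND password = '' OR '1'='1'
    crafted = "' OR '1'='1"
    print("concatenated query, crafted password ->", login_concat(db, "admin", crafted))
    print("parameterized query, crafted password ->", login_param(db, "admin", crafted))
    print("from 203.0.113.5 ->", handle_login(db, "203.0.113.5", "admin", "correct-horse"))
    print("from 10.0.0.7    ->", handle_login(db, "10.0.0.7", "admin", "correct-horse"))
```

The point of the two login functions side by side is that input validation is the wrong place to rely on: the parameterized version needs no filtering of quotes or keywords, because the database never interprets the bound value as SQL. The allowlist and the remote-management switch sit in front of it as compensating controls of the kind Cisco suggests for unpatched devices; they reduce who can reach the flawed interface, but do not remove the flaw, which is why the firmware update remains the real fix.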