Attacks started two days after Cisco released a patch, one day after researchers published demo exploit code.
Two days after Cisco patched a severe vulnerability in a popular brand of SOHO routers, and one day after the publication of proof-of-concept code, hackers have started scans and attacks exploiting the said security bug to take over unpatched devices.
The vulnerability, tracked as CVE-2019-1663, was of note when it came out on February 27 because it received a severity score from the Cisco team of 9.8 out of a maximum of 10.
It received such a high rating because the bug is trivial to exploit and does not require advanced coding skills and complicated attack routines; it bypasses authentication procedures altogether; and routers can be attacked remotely, over the internet, without attackers needing to be physically present on the same local network as the vulnerable device.
This means that the owners of these devices won't likely be keeping an eye on Cisco security alerts, and most of these routers will remain unpatched --unlike in large corporate environments where IT personnel would have already deployed the Cisco fixes.
According to a scan by cyber-security firm Rapid7, there are over 12,000 of these devices readily available online, with the vast majority located in the US, Canada, India, Argentina, Poland, and Romania.
All of these devices are now under attack, according to cyber-security firm Bad Packets, which reported detecting scans on March 1.
View image on TwitterView image on Twitter
In its blog post, Pen Test Partners blamed the root cause of CVE-2019-1663 on Cisco coders using an infamously insecure function of the C programming language -namely strcpy (string copy).Seeing an uptick in scans checking for "login.cgi" – likely looking for vulnerable Cisco RV110W, RV130W, and RV215W routers.— Bad Packets Report (@bad_packets) March 1, 2019
A proof of concept for CVE-2019-1663, which allows RCE, was recently published by @PenTestPartners: https://t.co/ndqhxGMgI9 pic.twitter.com/J3KG3xSz5w
The company detected hackers scanning for these types of routers using an exploit that was published a day earlier on the blog of Pen Test Partners, a UK-based cyber-security firm.
It was one of the Pen Test Partners' researchers, together with two other Chinese security experts, who found this particular vulnerability last year.
Attackers who read the blog post appear to be using the example provided in the Pen Test Partners article to take over vulnerable devices.
Any owner of these devices will need to apply updates as soon as possible. If they believe their router has already been compromised, reflashing the device firmware is recommended.
READ MORE:
ReplyDeleteUttarakhand Online Taxi Booking
Online Taxi Service in Uttarakhand
Uttarakhand Online Tour Travel Service
Book Online Cab Taxi in Uttarakhand
Taxi service Provider in Uttarakhand
Haldwani Nainital Best Taxi Service In Uttarakhand
Cabs Taxi Service in Haldwani Rishikesh Uttarakhand
I have been exploring for a bit for any high quality articles or blog posts in this sort of house . Exploring in Yahoo I ultimately stumbled upon this site. Reading this info So i’m happy to show that I've a very good uncanny feeling I came upon exactly what I needed. I most undoubtedly will make certain to don’t disregard this site and provides it a glance on a constant basis.tissot seastar
ReplyDelete