If you need to know how to fix the Cisco router vulnerability, CVE-2021-1289, you’ve come to the right place. Frankly, if you need to know how to fix just about any CVE, we’re going to let you in on a secret weapon in the fight against bad cyber hygiene.
Using remediation intelligence gathered from Vulcan Remedy Cloud, this blog post will answer most of the questions you might have about CVE-2021-1289, the latest vulnerability to impact Cisco Small Business routers.
The Vulcan Cyber vulnerability remediation platform saves you work by going beyond simple recommendations. We identify and provide the precise priorities, insights, remediation steps, and automation you need to get fix done in your environment. We also offer remediation intelligence for free to the IT security community through Vulcan Remedy Cloud so you can quickly set out to secure your network by fixing this Cisco router management console issue.
What are the Cisco router and VPN vulnerabilities?
Cisco offers owners of its small-business routers a web-based management interface that gives users the ability to easily configure and manage their network infrastructure. However, newly discovered vulnerabilities in the management interface across a wide range of Cisco routers could be the open door hackers use to execute their own code on the device, letting them view, overwrite, or otherwise modify data. This could ultimately lead to other types of attacks, such as directory traversal, uploads of files bearing a malicious payload, or denial of service (DDoS).
As recently reported in Vulcan Remedy Cloud, there is no workaround for these vulnerabilities. The only solution is an immediate firmware upgrade to fix this flaw.
Does this Cisco router and VPN vulnerability affect me?
Yes... if you are running any of the following Cisco Small Business routers with any firmware version lower than 1.0.01.02:
- RV160 VPN Router
- RV160W Wireless-AC VPN Router
- RV260 VPN Router
- RV260P VPN Router with POE
- RV260W Wireless-AC VPN Router
These are mid-range routers used by the SMB market, particularly remote offices. For all these router models, the model number usually appears clearly in white lettering at the front bottom-left corner, making it easy to know if your model is vulnerable.
Cisco has reassured its customers that no other routers or network devices are susceptible to this vulnerability.
To find out the firmware version number of your router, log in to the management interface (via its IP address) with the appropriate credentials. Look for a “System Summary” or similar page that lists the current firmware version running on the router. A visual step-by-step guide is available from Cisco here.
Has this Cisco vulnerability been actively exploited in the wild?
No, while Cisco has given these vulnerabilities its highest severity rating, there are as yet no reports of active exploits in the wild. However, it is only a matter of time if steps to remediate aren’t taken.
Cisco suggests any would-be attacker “would need to have valid administrator credentials” on the router in order to exploit this vulnerability. Yet for convenience, many routers’ factory settings include default admin credentials, such as a password of “admin” or “cisco.” Cisco recommends changing the password immediately, but organizations that have knowingly or unknowingly left these routers with the default settings may find themselves more susceptible to these and other hacks.
With much attention directed to these and other flaws, it won’t be long before hackers take advantage of organizations that fail to change their passwords and remediate this issue. According to the CheckPoint Global Threat Index for January 2021, two of the top three most-exploited vulnerabilities today center around router vulnerabilities just like these.
How do I remediate CVE-2021-1289?
Fortunately, it’s simple to remediate these vulnerabilities with a firmware upgrade. If your Cisco router is listed above and running any firmware version lower than 1.0.01.02, you are at risk and should immediately upgrade the firmware.
Visit CVE-2021-1289 on Remedy Cloud to get next steps and additional details about the fix for this Cisco router vulnerability.
To get additional remedies and fixes for the vulnerabilities that matter to your business, be sure to bookmark Vulcan Remedy Cloud, the largest database of remedies and fixes. It’s completely free and easily searchable so you can help your IT security teams get fix done in short order.