Hello, welcome to the Monday, January 28, 2019 edition of the Sands and Storm Center's Stormcast. My name is Johannes Ulrich, and the time recording from Jacksonville, Florida.

We got two very recent vulnerabilities in Cisco RV 320 and RV 325 small business routers that are currently

widely being exploited.

A patch for these vulnerabilities was released just last week.

The first vulnerability CVE 2019 1652 is a command injection vulnerability in the router's web admin interface.

The vulnerability is only exploitable for an authenticated user, so this is why Cisco only

rated it as important, but first of all, the exploits that are going around now are going

for default credentials, Cisco slash Cisco, of course, the exports that are going around now are going for default credentials,

Cisco slash Cisco, of course. And then there is a second vulnerability, CVE 2019, 1653, so just the next

CVE number, so also released last week. And it's also rated high and also affects the web admin interface.

Now, the thing about this vulnerability is that allows the attacker to retrieve arbitrary URLs

without authentication, including the router's configuration file. Now, using this configuration file, an attacker then can obtain hash password.

The Etsy Shadow file can be downloaded.

And then, of course, they can brute force the password offline.

Again, if you have a weak password, you're sort of a sitting ducked there.

Yes, and of course, the Cisco slash Cisco password or account will immediately be cracked.

So definitely make sure that you expedite patching of these devices if you have an affected device.

And remember, the patch was released last week.

So if you didn't patch these routers within the last week,

you may be vulnerable.

In addition, definitely make sure that you use a strong password

that mitigates at least these sort of widespread exploits.

...