Hello, welcome to the Monday, March 4, 2019 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jackstville, Florida.

Cisco released a critical update for its RV 110 W.RV. 130W RV-215W routers.

These are routers that you typically find in small businesses and maybe some home offices,

typically sold via like Office Depot and the like, and the vulnerability can be exploited

if you left your web-based admin interface exposed.

The existence of the vulnerability was actually already announced late last year at the

GeekPone conference, shouldn't be terribly difficult to exploit, so something you certainly

should take care of quickly.

And then yet again, please block access to any web-based admin interface from outside your own

network.

And Adobe released an update for Cold Fusion now.

Essentially, the nature of the bug here is that the attacker could upload files that are

then executed, but you have to do a number of fundamental things wrong with file uploads

if you are vulnerable to this particular issue. First of all, of course, you have to have a site that does allow file uploads.

The file uploads have to be uploaded into a folder that's web accessible.

That's always a big no-no.

And then of course, you have to allow the upload of a file that does have an executable extension like

dot-cfm, dot-cfml, or dot-cfcfc. Well, ASPX, sort of your typical cold fusion extensions.

The real bug here is that if you are checking the mime type of the file, well, that's where

the bad part happens.

Even if you do check the mime type, well, it can be bypassed and executable code can be uploaded.

...