Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Cisco Warns Of Root Level Security Hole In SMB Devices

By - Source: Toms IT Pro

UPDATE 1/23/2014: Cisco has released a fix for the unauthorized access vulnerability in WAP4410N --

Cisco has reported a vulnerability caused by an undocumented test interface in TCP port 32764 of several Cisco devices sold in the SMB market. The vulnerability could allow a remote user to gain root-level access to an affected device. Cisco plans to release free software updates aimed at fixing the vulnerabilities by the end of January 2014.

The Cisco security advisory has listed the affected devices and their configurations as follows:

  • Cisco RVS4000 4-port Gigabit Security Router running firmware version and prior
  • Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 1.0 and 1.1 running firmware version 1.1.13 and prior
  • Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 2.0 running firmware version and prior
  • Cisco WAP4410N Wireless-N Access Point running firmware version and prior

Cisco has assigned scores to each affected device according to the Common Vulnerability Scoring System (CVSS). The CVSS applies a score based on a scale from 1 to 10, with 7 - 10 considered highly vulnerable; each of the affected Cisco devices received a score of 10.

A remote attacker could use the vulnerability to issue arbitrary commands to a device, access information from administrator accounts and read device configurations. According to the CVSS assessment, the complexity of gaining access is low and no authentication is required. An attacker could completely compromise the confidentiality, integrity and availability of an affected device.

Eloi Vanderbeken originally disclosed the vulnerability on GitHub. In addition to the Cisco devices listed above, the GitHub page lists devices from other companies that may be affected by the backdoor, but does not include confirmation from vendors.

According to Vanderbeken, the vulnerability is accessible from the WAN connection in some cases. Johannes B. Ullrich, PhD. at the SAANS Technology Institute reports a dramatic increase in scans of TCP port 32764. In early December 2013 there were 10 - 17 scans detected, on January 2nd 2014 15,068 scans were reported.

For more information and updates on this security hole click here.

[ Get IT news updates right in your inbox -- Sign up for Tom's IT Pro's Weekly Newsletter ]



James Sullivan is a freelance technology writer whose concentrations include cloud computing and video game development. He is based in Portland, Oregon.

More from James Sullivan