Cisco Small Business RV320 and RV325 Dual Gigabit WAN Routers Issues
Cisco firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers is affected by the following issues:
Static certificates and keys
Hardcoded password hashes
Multiple vulnerabilities in third-party software (TPS) components
Static Certificates and Keys
Two static X.509 certificates with the corresponding public/private key pairs and one static Secure Shell (SSH) host key were found in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers. One X.509 certificate was created by the OpenSSL Group for testing purposes and the second certificate is a test certificate created by Cisco.
The X.509 certificates and keys in question are part of the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers and were used for their intended testing purpose during the development of that firmware They were never used for live functionality in any shipping version of the product. All shipping versions of this firmware use dynamically created certificates instead.
Cisco bug ID: CSCvq34465
The static SSH host key is part of the tail-f (now part of Cisco) Netconf ConfD package that is included in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers. It was never used for live functionality in any shipping version of the product. Key-based SSH authentication is not supported in any shipping version of this firmware.
Cisco bug ID: CSCvq34469
The inclusion of these certificates and keys in shipping software was an oversight by the development team for these routers.
Hardcoded Password Hashes
The /etc/shadow file included in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers has a hardcoded password hash for the root user.
The /etc/shadow file is not consulted during user authentication by the firmware. Instead, a dedicated alternate user database is used to authenticate users who log in to either the CLI or the web-based management interface of the affected routers.
An attacker with access to the base operating system on an affected device could exploit this issue to obtain root-level privileges. However, Cisco is not currently aware of a way to access the base operating system on these routers.
Cisco bug ID: CSCvq34472
Multiple Vulnerabilities in Third-Party Software Components
Third-party software (TPS) components in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers contain vulnerabilities. Cisco will handle these vulnerabilities by using the regular Cisco process for TPS vulnerabilities in accordance with the Cisco Security Vulnerability Policy. For information about known TPS vulnerabilities that affect the firmware for these routers, consult the Cisco Bug Search Tool.
Security Impact Rating: Informational
Source:: Cisco Security Advisories