Cisco Small Business RV320 and RV325 Dual Gigabit WAN Routers Issues

By GIXnews

Cisco firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers is affected by the following issues:

Static certificates and keys
Hardcoded password hashes
Multiple vulnerabilities in third-party software (TPS) components

Static Certificates and Keys

Two static X.509 certificates with the corresponding public/private key pairs and one static Secure Shell (SSH) host key were found in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers. One X.509 certificate was created by the OpenSSL Group for testing purposes and the second certificate is a test certificate created by Cisco.

The X.509 certificates and keys in question are part of the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers and were used for their intended testing purpose during the development of that firmware They were never used for live functionality in any shipping version of the product. All shipping versions of this firmware use dynamically created certificates instead.

Cisco bug ID: CSCvq34465

The static SSH host key is part of the tail-f (now part of Cisco) Netconf ConfD package that is included in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers. It was never used for live functionality in any shipping version of the product. Key-based SSH authentication is not supported in any shipping version of this firmware.

Cisco bug ID: CSCvq34469

The inclusion of these certificates and keys in shipping software was an oversight by the development team for these routers.

Hardcoded Password Hashes

The /etc/shadow file included in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers has a hardcoded password hash for the root user.

The /etc/shadow file is not consulted during user authentication by the firmware. Instead, a dedicated alternate user database is used to authenticate users who log in to either the CLI or the web-based management interface of the affected routers.

An attacker with access to the base operating system on an affected device could exploit this issue to obtain root-level privileges. However, Cisco is not currently aware of a way to access the base operating system on these routers.

Cisco bug ID: CSCvq34472

Multiple Vulnerabilities in Third-Party Software Components

Third-party software (TPS) components in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers contain vulnerabilities. Cisco will handle these vulnerabilities by using the regular Cisco process for TPS vulnerabilities in accordance with the Cisco Security Vulnerability Policy. For information about known TPS vulnerabilities that affect the firmware for these routers, consult the Cisco Bug Search Tool.

Security Impact Rating: Informational

Source:: Cisco Security Advisories