Using CyCognito Platform, Researchers Uncover Zero-Day Vulnerability on Cisco Routers

Router and switch market leader has Cross-Site Scripting (XSS) vulnerability that gives attackers access to admin actions and sensitive information as well as the ability to phish for credentials and potentially move laterally.

Palo Alto, California – July 2, 2020

CyCognito Inc., the leader in uncovering and prioritizing risk from attacker-exposed systems and assets, today announced its research team has uncovered a significant Cross-Site Scripting (XSS) vulnerability on the web admin interface of Cisco small business router models RV042 and RV042G. Cisco routers are popular around the world, and the company has approximately 50% market share in the router and switch market globally. This vulnerability gives attackers an easy path for taking control of a router administrator’s web configuration utility, a position that allows them to perform all admin actions, from viewing and modifying sensitive information to taking control of the router or having the ability to move laterally and gain access to other systems.

The CyCognito platform discovered the Cisco vulnerability, which was subsequently verified by the CyCognito Research Team and then by Cisco. The platform detected the Cisco router XSS vulnerability when mapping the attack surface of a CyCognito customer that was using one of the Cisco small business routers, and the research team quickly realized the CyCognito platform had found a never-before reported vulnerability, also known as a “zero-day” vulnerability.

“Commandeering a network router puts attackers in a prime position for intercepting company secrets and crucial data and to advance their attacks,” stated Alex Zaslavsky, CyCognito’s Head of Security Research. “Attackers value XSS vulnerabilities because they can be used to access a victim's current session and even take over an account and impersonate the victim. A vulnerability in an admin configuration utility can be even more damaging as phished credentials can be used to try to gain access to other systems within a company’s infrastructure. That’s why we worked with Cisco to help resolve this vulnerability to ensure organizations remain secure.”

For more details on this new vulnerability and how organizations can protect themselves, please read CyCognito’s latest blog, “CyCognito Platform Automatically Detects Four Zero-Day Vulnerabilities.” Zaslavsky and Chen Bremer, also from the CyCognito Research Team, discovered three additional zero-day vulnerabilities in other vendors’ gear over the past few weeks as well. More information will be provided once the respective vendors have taken steps to address the issues.

Responsible Disclosure

CyCognito follows responsible disclosure processes in reporting zero-day discoveries to vendors to ensure issues can be addressed according to the vendor’s policies. This helps vendors confirm reported vulnerabilities, evaluate the risk and responsibly disclose the findings. In this case, Cisco released a patch to address the vulnerability on June 17, 2020, and an Advisory on July 1, 2020. More information can be found in the Cisco Security Advisory.

Path of Least Resistance Detection

This discovery highlights why preventing cyber attacks requires continuous attack surface monitoring, specifically using the concept of POLaR - the path of least resistance. Organizations need the ability to discover the full extent of their attack surface, understand the business context of discovered assets, and detect and prioritize risks that attackers are most likely to target so they can be remediated first.

The CyCognito platform is the first attack surface management solution to detect a zero-day vulnerability, which demonstrates the value of its POLaR approach, as well as its superiority over conventional port-scanning based attack surface management products.