Security News > 2020 > July > Cisco SMB kit harbors cross-site scripting bug: One wrong link click... and that's your router pwned remotely

Cisco has patched a cross-site scripting vulnerability in two VPN routers it sells to small businesses and branch offices.

By default, the management feature is disabled for remote users, though it is enabled for people on the same LAN. "A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information," Cisco explained in its advisory yesterday.

"To determine whether the remote management feature is enabled for a device, open the web-based management interface through a local LAN connection and choose Basic Settings > Remote Management. If the 'Enable' check box is checked, remote management is enabled for the device."

While Cisco classified CVE-2020-3431 as a "Moderate" security risk, infosec outfit CyCognito, which discovered and reported the vulnerability, told The Register on Wednesday that in the worst-case scenario, a miscreant could exploit the flaw to ultimately take complete control of the device before moving laterally.

The attacker could, say, send a network administrator an email containing a link to a page that exploited the XSS bug to hijack the VPN gateway.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/02/cisco_smb_router_hole/