TMCnet News
Using CyCognito Platform, Researchers Uncover Zero-Day Vulnerability on Cisco Routers

PALO ALTO, Calif., July 02, 2020 (GLOBE NEWSWIRE) -- CyCognito Inc., the leader in uncovering and prioritizing risk from attacker-exposed systems and assets, today announced its research team has uncovered a significant Cross-Site Scripting (XSS) vulnerability on the web admin interface of Cisco small business router models RV042 and RV042G. Cisco routers are popular around the world, and the company has approximately 50% market share in the router and switch market globally. This vulnerability gives attackers an easy path for taking control of a router administrator’s web configuration utility, a position that allows them to perform all admin actions, from viewing and modifying sensitive information to taking control of the router or having the ability to move laterally and gain access to other systems.

The CyCognito platform discovered the Cisco vulnerability, which was subsequently verified by the CyCognito Research Team and then by Cisco. The platform detected the Cisco router XSS vulnerability when mapping the attack surface of a CyCognito customer that was using one of the Cisco small business routers, and the research team quickly realized the CyCognito platform had found a never-before reported vulnerability, also known as a “zero-day” vulnerability.

“Commandeering a network router puts attackers in a prime position for intercepting company secrets and crucial data and to advance their attacks,” stated Alex Zaslavsky, CyCognito’s Head of Security Research. “Attackers value XSS vulnerabilities because they can be used to access a victim's current session and even take over an account and impersonate the victim. A vulnerability in an admin configuration utility can be even more damaging as phished credentials can be used to try to gain access to other systems within a company’s infrastructure. That’s why we worked with Cisco to help resolve this vulnerability to ensure organizations remain secure.”

For more details on this new vulnerability and how organizations can protect themselves, please read CyCognito’s latest blog, “CyCognito Platform Automatically Detects Four Zero-Day Vulnerabilities.”

Zaslavsky and Chen Bremer, also from the CyCognito Research Team, discovered three additional zero-day vulnerabilities in other vendors’ gear over the past few weeks as well. More information will be provided once the respective vendors have taken steps to address the issues.

Responsible Disclosure

Path of Least Resistance Detection

The CyCognito platform is the first attack surface management solution to detect a zero-day vulnerability, which demonstrates the value of its POLaR approach, as well as its superiority over conventional port-scanning based attack surface management products.

About CyCognito

For more information, please visit cycognito.com.

Press Release URL: https://www.cycognito.com/blog/press-release-using-cycognito-platform-zero-day-vulnerability-cisco