Cisco Released an Update to Patch Critical Vulnerabilities in Gateways and Modems!

Cisco has released another update to patch major vulnerabilities and security holes in its modems, firewalls and residential gateways. Two security researchers from Tech Analysis, Kyle Lovett and Chris Watts, reported a number of security flaws in Cisco's residential gateways.

Kyle Lovett found a vulnerability that allowed hackers to gain access to users' devices through remote code execution. This vulnerability is tracked as CVE-2016-1325 and is an information disclosure vulnerability. Cisco's DPC3941 Wireless Residential Gateway was affected by this vulnerability.

Chris Watts, on the other hand, found a vulnerability in Cisco's DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway that allowed hackers to carry out a DoS (Denial-of-Service) attack. Chris Watts said that this happened because Cisco's security devices handled HTTP requests improperly, which allowed attackers to perform a DoS attack. This vulnerability has been registered as CVE-2016-1326. Chris Watts also reported another vulnerability (CVE-2016-1327), a remote code execution vulnerability present in Cisco's Digital Voice cable modem models DPC2203 and EPC2203.

This vulnerability allowed hackers to execute malicious code on the devices with specially crafted HTTP requests. It also allowed a buffer overflow. Cisco published an advisory to make its users aware of this vulnerability. The advisory gives all the details, such as how hackers could exploit the vulnerability and what its effects on the devices would be. Cisco also told its users about the improper handling of HTTP requests by its devices.

A few weeks ago, Cisco released an update to fix a vulnerability in the company's Adaptive Security Appliance (ASA) software. IKEv1 and IKEv2 (Internet Key Exchange) on the ASA 5500 Series were vulnerable to a buffer overflow.

This is the second major update released by Cisco this year. Before it, Cisco released an update in the second week of February. Security researchers are finding a number of vulnerabilities in Cisco's security products, which could become a big headache for Cisco. No workaround is available for these flaws. Therefore Cisco has no idea how hackers are exploiting the vulnerabilities in its security products.