RVS4000 - potential vulnerabilities

kathey001
Level 1

I just discovered Berkeley's Netalyzr (http://netalyzr.icsi.berkeley.edu/index.html)
and ran it on my internal network, and it reported potential vulnerabilities on my RVS4000 (portion of output at bottom of this).
I have RVS4000v1 running the latest firmware V1.3.3.5.

The potential vulnerabilities reported are ...

CVE-2012-5958

CVE-2012-5959

Can anyone tell me if these are real concerns?
I hope this posting makes Cisco aware of them if they are.

-K

---- excerpt from Netalyzr output ----

We received UPnP responses from 1 device:

10.0.0.1: this device provided a valid device description via its UPnP URL. This description, viewable here, contains the following information about this gateway:

  • Name: Cisco VPN Router
  • Manufacturer: Cisco Systems.
  • Manufacturer URL: http://www.cisco.com
  • Model name: 4-Port Gigabit Security Router with VPN
  • Model number: RVS4000
  • Model URL: http://www.cisco.com
  • Model Description: Cisco VPN Router

This device appears to run "Linux/2.4.27-star, UPnP/1.0, Intel SDK for UPnP devices /1.2". This system may be vulnerable to CVE-2012-5958 and CVE-2012-5959
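
The banner check behind a warning like the one above can be reproduced offline. The following Python is an added example, not part of the original thread and not Netalyzr's own code; it assumes the fixed release 1.6.18 given in the published CVE-2012-5958 and CVE-2012-5959 descriptions, and the sample SSDP response and its LOCATION URL are constructed.

```python
import re

# First libupnp release with the fixes, per the CVE-2012-5958/-5959 descriptions.
FIXED = (1, 6, 18)
# Matches both product names the SDK has used in its banner.
SDK_RE = re.compile(r"(Intel|Portable) SDK for UPnP devices\s*/\s*(\d+(?:\.\d+)*)", re.I)


def server_header(ssdp_response: str):
    """Return the SERVER header value from a raw SSDP/HTTP response, or None."""
    for line in ssdp_response.splitlines()[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def sdk_version(banner: str):
    """Extract the SDK version tuple from a banner, or None if it is not this SDK."""
    m = SDK_RE.search(banner or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(2).split("."))


def may_be_vulnerable(banner: str):
    """True/False when the banner names the SDK; None when it cannot be judged."""
    version = sdk_version(banner)
    if version is None:
        return None
    # Pad so that "1.2" compares as (1, 2, 0) against (1, 6, 18).
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED


# Constructed sample response; the SERVER value is the banner quoted in the post.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "CACHE-CONTROL: max-age=1800\r\n"
    "LOCATION: http://10.0.0.1:49152/description.xml\r\n"   # hypothetical URL
    "SERVER: Linux/2.4.27-star, UPnP/1.0, Intel SDK for UPnP devices /1.2\r\n"
    "ST: upnp:rootdevice\r\n\r\n"
)

if __name__ == "__main__":
    banner = server_header(SAMPLE)
    print(banner, "->", may_be_vulnerable(banner))
```

A banner match only says the device reports an affected SDK version, which is why the scanner output says "may be vulnerable"; a vendor can patch without changing the banner, or strip the banner entirely.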


Tom Watts
VIP Alumni

Hi Kris, although admirable and a good concern about the security and how stalwart a router may be, this router has been end of life / end of sale and has no further production or development releases for quite some time. Any problems will not be addressed further on this product from a development point of view.

If you have a reasonable concern that your network, business or whatever may be in jeopardy due to specific software exploits which are found within the router, the choice would be to use a different router (since they won't be fixed on this platform).

I can tell you the CVE-2012-5958 and 5959 are operating system flaws. This was classified as a "high vulnerability" by the US Computer Emergency Readiness Team.

http://www.us-cert.gov/ncas/bulletins/SB13-035

This essentially means some random coding can be placed within UDP packets in the device field.

-Tom
Please mark answered for helpful posts

SamirD
Level 5
Level 5

Very interesting. I've always been curious how 'secure' these routers really are. One thing I always do is disable UPnP. Won't help when it doesn't change the situation, but it's one less thing.

The good thing about obsolete hardware/software is that all the hack attempts for them also fade as the hardware falls out of mainstream use.  Hackers are after good, current information (like credit card numbers), and this type of information isn't usually put on older platforms.  You know your data and what level of security you need.  If you don't feel safe, then you can always change the hardware like Tom suggested.   

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com