Using CyCognito Platform, Researchers Uncover Zero-Day Vulnerability on Cisco Routers

Router and switch market leader has Cross-Site Scripting (XSS) vulnerability that gives attackers access to admin actions and sensitive information as well as the ability to phish for credentials and potentially move laterally.


PALO ALTO, Calif., July 02, 2020 (GLOBE NEWSWIRE) -- CyCognito Inc., the leader in uncovering and prioritizing risk from attacker-exposed systems and assets, today announced its research team has uncovered a significant Cross-Site Scripting (XSS) vulnerability on the web admin interface of Cisco small business router models RV042 and RV042G. Cisco routers are popular around the world, and the company has approximately 50% market share in the router and switch market globally. This vulnerability gives attackers an easy path for taking control of a router administrator’s web configuration utility, a position that allows them to perform all admin actions, from viewing and modifying sensitive information to taking control of the router or having the ability to move laterally and gain access to other systems.

The CyCognito platform discovered the Cisco vulnerability, which was subsequently verified by the CyCognito Research Team and then by Cisco. The platform detected the Cisco router XSS vulnerability when mapping the attack surface of a CyCognito customer that was using one of the Cisco small business routers, and the research team quickly realized the CyCognito platform had found a never-before reported vulnerability, also known as a “zero-day” vulnerability.   

“Commandeering a network router puts attackers in a prime position for intercepting company secrets and crucial data and to advance their attacks,” stated Alex Zaslavsky, CyCognito’s Head of Security Research. “Attackers value XSS vulnerabilities because they can be used to access a victim's current session and even take over an account and impersonate the victim.  A vulnerability in an admin configuration utility can be even more damaging as phished credentials can be used to try to gain access to other systems within a company’s infrastructure. That’s why we worked with Cisco to help resolve this vulnerability to ensure organizations remain secure.”

For more details on this new vulnerability and how organizations can protect themselves, please read CyCognito’s latest blog, “CyCognito Platform Automatically Detects Four Zero-Day Vulnerabilities.” Zaslavsky and Chen Bremer, also from the CyCognito Research Team, discovered three additional zero-day vulnerabilities in other vendors’ gear over the past few weeks as well. More information will be provided once the respective vendors have taken steps to address the issues.

Responsible Disclosure
CyCognito follows responsible disclosure processes in reporting zero-day discoveries to vendors to ensure issues can be addressed according to the vendor’s policies. This helps vendors confirm reported vulnerabilities, evaluate the risk and responsibly disclose the findings. In this case, Cisco released a patch to address the vulnerability on June 17, 2020, and an Advisory on July 1, 2020. More information can be found in the Cisco Security Advisory.

Path of Least Resistance Detection
This discovery highlights why preventing cyber attacks requires continuous attack surface monitoring, specifically using the concept of POLaR - the path of least resistance. Organizations need the ability to discover the full extent of their attack surface, understand the business context of discovered assets, and detect and prioritize risks that attackers are most likely to target so they can be remediated first.

The CyCognito platform is the first attack surface management solution to detect a zero-day vulnerability, which demonstrates the value of its POLaR approach, as well as its superiority over conventional port-scanning based attack surface management products.

About CyCognito
CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure. Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. The Palo Alto-based company is funded by leading Silicon Valley venture capitalists, and its mission is to help organizations eliminate their “shadow risk” — externally-exposed systems and assets of business importance that are often unknown, abandoned or not directly in their control. CyCognito closes these gaps with a category-defining, transformative platform that automates offensive cybersecurity operations to provide reconnaissance capabilities superior to those of attackers.

Its next-generation security risk assessment platform enables Fortune 500 and other leading companies around the world to autonomously discover, understand, prioritize and eliminate their organization’s shadow risk based upon a global analysis of their external attack surface and the attack vectors that a real attacker would likely exploit.

For more information, please visit cycognito.com.

Press Release URL: https://www.cycognito.com/blog/press-release-using-cycognito-platform-zero-day-vulnerability-cisco

Blog URL:  https://www.cycognito.com/blog/cycognito-platform-automatically-detects-four-zero-day-vulnerabilities

Media contact:
Raphael Reich
VP Product Marketing
raphael@cycognito.com