The security people over at RedTeam Pentesting found a big flaw in Cisco: Cisco RV320 unauthenticated configuration export. Now, this was properly disclosed to Cisco. Cisco does have a patch for this, but as we know, many firewalls and many people installing these are set it and forget it as opposed to actively engaging and updating these firewalls to close some of these problems.

Now, this affects both the Cisco RV320 and 325. That's what we know here on January 30th of 2019, but there may be other devices affected. They should always be hyper vigilant about keeping all of these updated just because you have a slightly different model. If it's based on the same firmware, there's a chance that this exploit may be found in other routers that Cisco provides.

So, basically, this is also an example of threat stacking because there are two vulnerabilities. First vulnerability is unauthenticated configuration export, and unfortunately this in many cases is public facing. So, the idea of the firewall is going to separate the internet from your inside network, but maybe you have a VPN to another site or for users to access. This unauthenticated configuration export allows an attacker to pull all the data out of the firewall. That includes the usernames, hashed passwords, VPN configurations, etc. But by having that information, they now know how to connect to it and they could possibly, if it was not a strong password, look at those hashed passwords and perhaps reverse engineer them.

Now, this is where threat stacking becomes a problem because here is the second part of the threat. Same model, command injection by limited privilege user. And what this means is, even though they may not have the root password to the Cisco, the full admin password, if they have another authenticated user, maybe with lesser privileges, they're able to manipulate it with that information.
So, yeah, I have a strong admin password, I had a weaker secondary password for control of something, but by dumping the data, figuring it out, and then getting in again with those weaker credentials, then they found another exploit that could then manipulate the firewall and change the settings on it.

And how many of these are out there public facing? Well, a quick look at Shodan, it turns out over 9,000 of these are vulnerable to CVE-2019-1653. And this is just honeypots and things like that out there looking for these. It doesn't mean it's a definitive list of all of them. There's undoubtedly more. Finding 9,000 of them, that's just the beginning of this. So, we're definitely going to find out there's probably more of these out there. Get patching your Cisco systems.

And in case you're wondering or want to test your system against this, there is a GitHub, which is a Cisco RV320 dump. This is the proof of concept. Please don't use this on firewalls that you do not have permission to use this on. But if you want to test one of your Cisco RVs, there is an entire GitHub that is a proof of concept that shows how it works, breaks down the exploit. And don't worry, this is being actively searched right now by hackers and people that want to gain access to it. So, it's not like this person publishing this information is really bad. It's actually a good thing. One, so security people can understand how it works and it helps to maybe poke at other firewalls and we're going to probably see more and more people digging into this. But it's already being actively, whether this was here or not, it's already being actively attacked right now because the exploit is quite bad and it's a high severity problem.

So, set it and forget it doesn't work anymore in January 2019. This is why you should always consider making sure your firewall is kept up to date all the time, either by yourself or managed by an IT firm that is competent to do stuff like that.
So, that's why it's really important. You can't just set it and forget it. You do need to actively keep an eye out for problems and firmware updates and things like that because, well, this is going on actively right now. So, if you have a Cisco RV320, get out there, get it updated. This is all very recent. The firmware is only a couple days old. So, get it before you get got.

Alright, thanks. Thanks again for watching this video and see you next time.