Cisco yesterday warned users of a critical vulnerability in the web-based interface of its EV220W Wireless Network Security Firewall devices, which if exploited could allow remote attackers to access administrative privileges by circumventing the authentication process.
In an online security advisory, the networking technology provider assured readers that it has already made firmware updates and software patches available to address the flaw.
Cisco warned users to look out for indicators of a compromise, specifically If the “Authentication, Accounting, and Authorization (AAA) log files for a device contain suspect or malicious login data.”
The company attributed the vulnerability to “insufficient input validation of HTTP request headers" that get sent to the interface of affected devices. This flaw could allow a hacker to send devices a crafted HTTP request, encoded with malicious SQL statements, in order to leverage their remote access capabilities and subsequently alter user privileges.