Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2417 Cisco patches four critical, five other vulnerabilities in its RV-series routers 16 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: RV110W series routers RV130 series routers RV130W series routers RV215W series routers RV340 series routers RV340W series routers RV345 series routers RV345P series routers Publisher: Cisco Systems Operating System: Cisco Impact/Access: Root Compromise -- Remote/Unauthenticated Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-3358 CVE-2020-3357 CVE-2020-3332 CVE-2020-3331 CVE-2020-3330 CVE-2020-3323 CVE-2020-3150 CVE-2020-3146 CVE-2020-3145 CVE-2020-3144 Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rce-dos-9ZAjkx4 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsD https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy Comment: This bulletin contains nine Cisco security advisories, including four rated by Cisco as "critical". - --------------------------BEGIN INCLUDED TEXT-------------------- Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability Priority: Critical Advisory ID: cisco-sa-code-exec-wH3BNFb First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvs50861 CSCvs50862 CVE-2020-3331 CWE-119 CVSS Score: 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X Summary o A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-code-exec-wH3BNFb Affected Products o Vulnerable Products This vulnerability affects Cisco RV110W Wireless-N VPN Firewall releases earlier than Release 1.2.2.8 and Cisco RV215W Wireless-N VPN Router releases earlier than Release 1.3.1.7. The web-based management interface of these devices is available through a local LAN connection or the remote management feature. By default, the remote management feature is disabled for these devices. To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings > Remote Management . If the Enable box is checked, remote management is enabled for the device. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Workarounds o There are no workarounds that address this vulnerability. Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Cisco fixed this vulnerability in the following firmware releases: RV110W Wireless-N VPN Firewall: 1.2.2.8 RV215W Wireless-N VPN Router: 1.3.1.7 To download the software from the Software Center on Cisco.com, do the following: 1. Click Browse All. 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router > Wireless Router Firmware. 3. Access releases by using the left pane of the RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router page. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o Cisco would like to thank Larryxi of XDSEC for reporting this vulnerability. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-code-exec-wH3BNFb Revision History o +----------+---------------------------+----------+--------+--------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+--------------+ | 1.0 | Initial public release. | - | Final | 2020-JUL-15 | +----------+---------------------------+----------+--------+--------------+ - -------------------------------------------------------------------------------- Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability Priority: Critical Advisory ID: cisco-sa-rv-auth-bypass-cGv9EruZ First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvr96247 CSCvr96252CSCvr96256 CVE-2020-3144 CWE-284 CVSS Score: 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X Summary o A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv-auth-bypass-cGv9EruZ Affected Products o Vulnerable Products This vulnerability affects all releases of the following Cisco products if they are running a vulnerable software release: RV110W Wireless-N VPN Firewall RV130 VPN Router RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router The web-based management interface of these devices is available through a local LAN connection or the remote management feature. By default, the remote management feature is disabled for these devices. To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings > Remote Management . If the Enable box is checked, remote management is enabled for the device. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Workarounds o There are no workarounds that address this vulnerability. Disabling the remote management feature, if not required, would help to reduce the attack surface of this vulnerability. Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/ end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Cisco fixed this vulnerability in the following firmware releases: RV110W Wireless-N VPN Firewall: 1.2.2.8 RV130 VPN Router: 1.0.3.55 RV130W Wireless-N Multifunction VPN Router: 1.0.3.55 RV215W Wireless-N VPN Router: 1.3.1.7 To download the software from the Software Center on Cisco.com, do the following: RV110W and RV215W 1. Click Browse All . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router > Wireless Router Firmware. 3. Access releases by using the left pane of the RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router page. RV130 1. Click Browse All . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV130 VPN Router > Small Business Router Firmware . 3. Access releases by using the left pane of the RV130 VPN Router page. RV130W 1. Click Browse All . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV130W Wireless-N Multifunction VPN Router > Small Business Router Firmware . 3. Access releases by using the left pane of the RV130W Wireless-N Multifunction VPN Router page. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o Cisco would like to thank Quentin Kaiser for reporting this vulnerability. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv-auth-bypass-cGv9EruZ Revision History o +----------+---------------------------+----------+--------+--------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+--------------+ | 1.0 | Initial public release. | - | Final | 2020-JUL-15 | +----------+---------------------------+----------+--------+--------------+ - -------------------------------------------------------------------------------- - -------------------------------------------------------------------------------- Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability Priority: Critical Advisory ID: cisco-sa-rv110w-static-cred-BMTWBWTy First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvs50818 CVE-2020-3330 CWE-798 CVSS Score: 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X Summary o A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv110w-static-cred-BMTWBWTy Affected Products o Vulnerable Products This vulnerability affects Cisco Small Business RV110W Wireless-N VPN Firewall firmware releases earlier than Release 1.2.2.8. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco Small Business Routers: RV130 VPN Router RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router Workarounds o There are no workarounds that address this vulnerability. Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/ end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Cisco fixed this vulnerability in Cisco Small Business RV110W Wireless-N VPN Firewall firmware releases 1.2.2.8 and later. To download the software from the Software Center on Cisco.com , do the following: 1. Click Browse all . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV110W Wireless-N VPN Firewall > Wireless Router Firmware. 3. Choose a release from the left pane of the RV110W Wireless-N VPN Firewall page. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o Cisco would like to thank Larryxi of XDSEC for reporting this vulnerability. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv110w-static-cred-BMTWBWTy Revision History o +----------+---------------------------+----------+--------+--------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+--------------+ | 1.0 | Initial public release. | - | Final | 2020-JUL-15 | +----------+---------------------------+----------+--------+--------------+ - -------------------------------------------------------------------------------- Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability Priority: Critical Advisory ID: cisco-sa-rv-rce-AQKREqp First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvr97864 CSCvr97884CSCvr97889 CVE-2020-3323 CWE-119 CVSS Score: 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X Summary o A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv-rce-AQKREqp Affected Products o Vulnerable Products This vulnerability affects the following Cisco Small Business routers if they are running a vulnerable firmware release: RV110W Wireless-N VPN Firewall RV130 VPN Router RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router For information about which Cisco firmware releases are vulnerable, see the Fixed Software section of this advisory. The web-based management interface of these devices is available through a local LAN connection, which cannot be disabled, or through the WAN connection if the remote management feature is enabled. By default, the remote management feature is disabled for these devices. To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings > Remote Management . If the Enable box is checked, remote management is enabled for the device. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Workarounds o There are no workarounds that address this vulnerability. However, disabling the remote management feature, if it is not required, would help to reduce the attack surface of this vulnerability. Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/ end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Customers are advised to upgrade to an appropriate fixed firmware release as indicated in the following table: Cisco Product First Fixed Release RV110W Wireless-N VPN Firewall 1.2.2.8 RV130 VPN Router 1.0.3.54 RV130W Wireless-N Multifunction VPN Router 1.0.3.54 RV215W Wireless-N VPN Router 1.3.1.7 To download the software from the Software Center on Cisco.com , do the following: RV110W and RV215W 1. Click Browse all. 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router > Wireless Router Firmware . 3. Choose a release from the left pane of the RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router page. RV130 and RV130W 1. Click Browse all. 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV130 VPN Router or RV130W Wireless-N Multifunction VPN Router > Small Business Router Firmware . 3. Choose a release from the left pane of the RV130 VPN Router or RV130W Wireless-N Multifunction VPN Router page. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o Cisco would like to thank Gyengtak Kim, Jeongun Baek, and Sanghyuk Lee of GeekPwn for reporting this vulnerability. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv-rce-AQKREqp Revision History o +----------+---------------------------+----------+--------+--------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+--------------+ | 1.0 | Initial public release. | - | Final | 2020-JUL-15 | +----------+---------------------------+----------+--------+--------------+ - -------------------------------------------------------------------------------- Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities Priority: High Advisory ID: cisco-sa-rv-rce-m4FEEGWX First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available CVE-2020-3145 CVE-2020-3146 CWE-119 CVSS Score: 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X Summary o Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. Cisco has released software updates that address the vulnerabilities described in this advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv-rce-m4FEEGWX Affected Products o Vulnerable Products These vulnerabilities affects all releases of the following Cisco products if they are running a vulnerable software release: RV110W Wireless-N VPN Firewall RV130 VPN Router RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router The web-based management interface of these devices is available through a local LAN connection or the remote management feature. By default, the remote management feature is disabled for these devices. To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings > Remote Management . If the Enable box is checked, remote management is enabled for the device. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by these vulnerabilities. Workarounds o There are no workarounds that address these vulnerabilities. Disabling the remote management feature, if not required, would help to reduce the attack surface of these vulnerabilities. Fixed Software o Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/ end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Cisco fixed these vulnerabilities in the following firmware releases: RV110W Wireless-N VPN Firewall: 1.2.2.8 RV130 VPN Router: 1.0.3.55 RV130W Wireless-N Multifunction VPN Router: 1.0.3.55 RV215W Wireless-N VPN Router: 1.3.1.7 To download the software from the Software Center on Cisco.com, do the following: RV110W and RV215W 1. Choose Browse All . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router > Wireless Router Firmware . 3. Access releases by using the left pane of the RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router page. RV130 1. Choose Browse All . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV130 VPN Router > Small Business Router Firmware . 3. Access releases by using the left pane of the RV130 VPN Router page. RV130W 1. Choose Browse All . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV130W Wireless-N Multifunction VPN Router > Small Business Router Firmware . 3. Access releases by using the left pane of the RV130W Wireless-N Multifunction VPN Router page. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. Source o Cisco would like to thank Quentin Kaiser for reporting these vulnerabilities. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv-rce-m4FEEGWX Revision History o +----------+---------------------------+----------+--------+--------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+--------------+ | 1.0 | Initial public release. | - | Final | 2020-JUL-15 | +----------+---------------------------+----------+--------+--------------+ - -------------------------------------------------------------------------------- Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability Priority: High Advisory ID: cisco-sa-sb-dos-ZN5GvNH7 First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvu36544 CVE-2020-3358 CWE-20 Summary o A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition. Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-sb-dos-ZN5GvNH7 Affected Products o Vulnerable Products This vulnerability affects all releases of the following Cisco products if SSL VPN is configured on the device: RV340 Dual WAN Gigabit VPN Router RV340W Dual WAN Gigabit Wireless-AC VPN Router RV345 Dual WAN Gigabit VPN Router RV345P Dual WAN Gigabit POE VPN Router Determining if SSL VPN Is Configured The administrator can use the web-based utility to navigate to VPN > SSL VPN. If the radio button is clicked to On , the device is vulnerable. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following products: RV160 VPN Router RV160W Wireless-AC VPN Router RV260 VPN Router RV260P VPN Router with PoE RV260W Wireless-AC VPN Router Workarounds o Disabling the SSL VPN configuration eliminates the attack vector for this vulnerability, and may be a suitable mitigation until the affected device can be upgraded. The administrator can use the web-based utility to navigate to VPN > SSL VPN and set the radio button to Off . Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/ end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Cisco fixed this vulnerability in firmware release 1.0.03.18. To download the software from the Software Center on Cisco.com, click Browse All and navigate to Downloads Home > Routers > Small Business Routers > Small Business RV Series Routers . Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o Cisco would like to thank 0x00string with exploitee.rs for reporting this vulnerability. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-sb-dos-ZN5GvNH7 Revision History o +---------+---------------------------+---------+--------+---------------+ | Version | Description | Section | Status | Date | +---------+---------------------------+---------+--------+---------------+ | 1.0 | Initial public release. | - | Final | 2020-July-15 | +---------+---------------------------+---------+--------+---------------+ - -------------------------------------------------------------------------------- Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability Priority: High Advisory ID: cisco-sa-sb-rce-dos-9ZAjkx4 First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvu36543 CVE-2020-3357 CWE-20 Summary o A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-sb-rce-dos-9ZAjkx4 Affected Products o Vulnerable Products This vulnerability affects the following Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.03.18 and have the SSL VPN configured: RV340 Dual WAN Gigabit VPN Router RV340W Dual WAN Gigabit Wireless-AC VPN Router RV345 Dual WAN Gigabit VPN Router RV345P Dual WAN Gigabit POE VPN Router Determine the SSL VPN Configuration To determine whether the SSL VPN is configured, administrators can use the web-based utility and choose VPN > SSL VPN . If the radio button is clicked to On , the device is vulnerable. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco Small Business Routers: RV160 VPN Router RV160W Wireless-AC VPN Router RV260 VPN Router RV260P VPN Router with POE RV260W Wireless-AC VPN Router Workarounds o There are no workarounds that address this vulnerability. However, disabling the SSL VPN eliminates the attack vector for this vulnerable and maybe a suitable mitigation until the affected device can be upgraded. To disable the SSL VPN, administrators can use the web-based utility, choose VPN > SSL VPN, and set the radio button to Off . Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/ end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Cisco fixed this vulnerability in Cisco RV340, RV340W, RV345, and RV345P Routers firmware releases 1.0.03.18 and later. To download the software from the Software Center on Cisco.com , do the following: 1. Click Browse all . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers . 3. Choose the appropriate router. 4. Choose Small Business Router Firmware . 5. Choose a release from the left pane of the product page. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o Cisco would like to thank 0x00string of exploitee.rs for reporting this vulnerability. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-sb-rce-dos-9ZAjkx4 Revision History o +----------+---------------------------+----------+--------+--------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+--------------+ | 1.0 | Initial public release. | - | Final | 2020-JUL-15 | +----------+---------------------------+----------+--------+--------------+ - -------------------------------------------------------------------------------- Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability Priority: Medium Advisory ID: cisco-sa-rv-info-dis-FEWBWgsD First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvr96267 CSCvr96274 CVE-2020-3150 CWE-285 CVSS Score: 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X Summary o A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv-info-dis-FEWBWgsD Affected Products o Vulnerable Products At the time of publication, this vulnerability affected the following Cisco Small Business Routers and firmware releases: RV110W Wireless-N VPN Firewall releases earlier than Release 1.2.2.8 RV215W Wireless-N VPN Router releases earlier than Release 1.3.1.7 See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. The web-based management interface of these devices is available through a local LAN connection or the remote management feature. By default, the remote management feature is disabled for these devices. To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings > Remote Management . If the Enable box is checked, remote management is enabled for the device. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco Small Business RV130 VPN Routers or Cisco Small Business RV130W Wireless-N Multifunction VPN Routers. Workarounds o There are no workarounds that address this vulnerability. However, disabling the remote management feature, if it is not required, would help to reduce the attack surface of this vulnerability. Fixed Software o When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases At the time of publication, the following Cisco Small Business routers and firmware releases contained the fix for this vulnerability: RV110W Wireless-N VPN Firewall releases 1.2.2.8 and later RV215W Wireless-N VPN Router releases 1.3.1.7 and later See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. To download the software from the Software Center on Cisco.com , do the following: 1. Click Browse all . 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router > Wireless Router Firmware . 3. Choose a release from left pane. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o Cisco would like to thank Quentin Kaiser for reporting this vulnerability. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-rv-info-dis-FEWBWgsD Revision History o +----------+---------------------------+----------+--------+--------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+--------------+ | 1.0 | Initial public release. | - | Final | 2020-JUL-15 | +----------+---------------------------+----------+--------+--------------+ - -------------------------------------------------------------------------------- Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability Priority: High Advisory ID: cisco-sa-cmd-shell-injection-9jOQn9Dy First Published: 2020 July 15 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvs50846 CSCvs50849 CSCvs50853 CVE-2020-3332 CWE-78 CVSS Score: 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X Summary o A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-cmd-shell-injection-9jOQn9Dy Affected Products o Vulnerable Products This vulnerability affects the following Cisco Small Business Routers if they are running a vulnerable firmware release: RV110W Wireless-N VPN Firewall RV130 VPN Router RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory. The web-based management interface of these devices is available through a local LAN connection or the remote management feature. By default, the remote management feature is disabled for these devices. To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings > Remote Management . If the Enable box is checked, remote management is enabled for the device. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Workarounds o There are no workarounds that address this vulnerability. Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/ end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Customers are advised to upgrade to an appropriate fixed firmware release as indicated in the following table: Cisco Product First Fixed Release RV110W Wireless-N VPN Firewall 1.2.2.8 RV130 VPN Router 1.0.3.55 RV130W Wireless-N Multifunction VPN Router 1.0.3.55 RV215W Wireless-N VPN Router 1.3.1.7 To download the software from the Software Center on Cisco.com , do the following: RV110W and RV215W 1. Click Browse all. 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router > Wireless Router Firmware . 3. Choose a release from the left pane of the RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN Router page. RV130 and RV130W 1. Click Browse all. 2. Choose Routers > Small Business Routers > Small Business RV Series Routers > RV130 VPN Router or RV130W Wireless-N Multifunction VPN Router > Small Business Router Firmware . 3. Choose a release from the left pane of the RV130 VPN Router or RV130W Wireless-N Multifunction VPN Router page. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o Cisco would like to thank Larryxi of XDSEC for reporting this vulnerability. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy . This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-cmd-shell-injection-9jOQn9Dy Revision History o +----------+---------------------------+----------+--------+--------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+--------------+ | 1.0 | Initial public release. | - | Final | 2020-JUL-15 | +----------+---------------------------+----------+--------+--------------+ - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXw+6duNLKJtyKPYoAQiDCg//S93WwFT+wosVduVA8qjbg2LFCAmKjjNt yqXRpL8yvXB1BN3xZORLwh3yF1to2IVSQFOnLoQ7uh6l450niGWIQ/wVYYNqs6It +enAQ9W/RfOew3xbz6CWAOvFecMUJz/a3GPcqL57Yl/98uZs1SZSD2IzFwIMb5k6 TyXruWdoqkrOsfULWdgdUppY93D7mU226uJyQwQSYcHmIK80ygbDhpphyydmYwKc xCHsT1xoCLaLlfb1khFrWjA5IW7r2sjraS77rQvDObg7FTbE7qe8/BHMxOWHObP9 9j0UQ3z6cLjPOkaFWbZ4F7ELPTirfSFAhUmCK5zZEk2ZZLYNnrBM6XviyhD2z28Q 7hsIMKOdhh+jmm71lTQgbTaNIldOWPiDShyjtxDK9neIgQGpk02OfJq7rrU952t8 p5uupBF6mxbbX6hbfxooqsprPQr3LQv5+JSdofRhgHcf+mXyGbUcd3yTEczFdTGt J8FlMkSKyxWI+nDd7rnsMpl6p3ANxP5yDE0vI1l9JGpCQa6tLvmR3JuMOakyhl4F EXn6OXubO0d12sCmrZ0a9J0oHP1PniVXgPaRKMRORuwxcwzdvF0k3jbESa1qx8px 8YerTJOC/FM4+IL9HQKhvjxw03on4NjIGd83o7Bz/xc3fQoelows7SKw2Bsi8zgf 2GRoDwxb7Jo= =MsvN -----END PGP SIGNATURE-----