Weekly vCISO Security Notes

Small Business vCISO Security Notes – Week 40

From the Cloudz Biz security and productivity desk, the vCISO Security Notes for week 40 of 2020 focus on Wireless Router Chips, Cisco software and Cybersecurity Awareness Month.  With the COVID19 pandemic heading into its eighth month, the majority of the population still works from home.

The purpose of this blog and weekly update is to provide small business owners a high-level update on security issues and productivity opportunities.  We hope this brings more awareness to the cybersecurity risks and threats that pepper the landscape in the digital world.  Ultimately, we want to help the small business community increase security, enhance productivity and boost the bottom line.

vCISO Security Notes:

This week for the vCISO security notes, we look at two (2) key vulnerabilities and thoughts about Cybersecurity Awareness Month.

#1 – Wireless Router Chipsets

CVE-2019-18989, CVE-2019-18990 and CVE-2019-18991 describe a partial authentication bypass vulnerability in three (3) different types of chipsets.

The Risk:

The vulnerability allows an attacker to send a known packet to a WPA2-protected WLAN router, where the packet is routed through the network without knowledge of the encryption key.  If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.  The following chipsets are affected:

  • Mediatek – MT7620N 1.6 devices
  • Realtek – RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10 and RTL8881AN 1.09 devices
  • Qualcomm (Atheros) – AR9132 3.0 (AMX.8), AR9283 1.85 and AR9285 1.0.0.12NA devices

Some of the devices affected through these chipsets are listed here.  (Synopsys found these, and you can find more information on their blog.)

  • D-Link DWR-116 V1.06 (EU) – Mediatek
  • Zyxel NBG460N V3.60(AMX.8) – Qualcomm
  • Buffalo WHR-G300N V2 V1.85 (R1.18/B1.03) – Qualcomm
  • Netgear WNR1000 V1.0.0.12NA – Qualcomm
  • D-Link DIR-850L V1.21WW – Realtek
  • Netwjork N+4G V1.0.0 – Realtek
  • D-Link DIR-809 Rev A3 V1.09 Rev A2 – Realtek
  • D-Link DIR-605L H/W: B2 V2.10 – Realtek

vCISO Security Notes – Please note:  This list may not include all of the devices on the market with these chipsets.  Make sure you check and routinely update your wireless routers.

The Remediation/Recommendation:

For access points built on the Realtek and Mediatek chipsets, patches can be requested from those respective companies.  However, the identified chipsets for Qualcomm (Atheros) have reached end of life.  So we recommend that wireless routers with the Qualcomm chipsets mentioned above be replaced as soon as possible.
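To put this recommendation to work, the short Python script below checks a router inventory against the device list above and assigns each router an action.  It is an added example, not code from Cloudz Biz or Synopsys; the CSV column names, the hostnames and the ExampleCo device are constructed for illustration, and firmware is compared by its dotted version number only.

```python
import csv
import io
import re

# (vendor, model) -> (chipset maker, firmware version), copied from the device list above
AFFECTED = {
    ("d-link", "dwr-116"): ("Mediatek", "1.06"),
    ("zyxel", "nbg460n"): ("Qualcomm", "3.60"),
    ("buffalo", "whr-g300n v2"): ("Qualcomm", "1.85"),
    ("netgear", "wnr1000"): ("Qualcomm", "1.0.0.12"),
    ("d-link", "dir-850l"): ("Realtek", "1.21"),
    ("netwjork", "n+4g"): ("Realtek", "1.0.0"),
    ("d-link", "dir-809"): ("Realtek", "1.09"),
    ("d-link", "dir-605l"): ("Realtek", "2.10"),
}
VERSION = re.compile(r"\d+(?:\.\d+)+")  # dotted version inside strings like "V1.21WW"

def version_of(firmware):
    match = VERSION.search(firmware)
    return match.group(0) if match else ""

def triage(inventory_csv):
    """Return (hostname, action) for every row of the inventory CSV."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = (row["vendor"].strip().lower(), row["model"].strip().lower())
        entry = AFFECTED.get(key)
        if entry is None:
            action = "not on list"
        elif version_of(row["firmware"]) != entry[1]:
            # Listed model, other firmware: the list may be incomplete, so check by hand
            action = "verify firmware"
        elif entry[0] == "Qualcomm":
            action = "replace (chipset end of life)"
        else:
            action = f"request patch ({entry[0]})"
        results.append((row["hostname"], action))
    return results

# Constructed sample inventory; hostnames and the ExampleCo device are made up
SAMPLE = """hostname,vendor,model,firmware
front-desk-ap,Netgear,WNR1000,V1.0.0.12NA
warehouse-ap,D-Link,DIR-850L,v1.21WW
home-office-1,D-Link,  DWR-116,1.08
lobby-ap,ExampleCo,EX-100,2.4.1
"""

if __name__ == "__main__":
    print(*(f"{host}: {action}" for host, action in triage(SAMPLE)), sep="\n")
```

A result of "not on list" only means the router is not named in this post, so it still belongs in your routine update schedule.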

#2 – Cisco IOS XR Software

Distance Vector Multicast Routing Protocol (DVMRP) memory exhaustion vulnerabilities in the Cisco IOS XR software (CVE-2020-3566 and CVE-2020-3569) could allow an attacker to crash the Internet Group Management Protocol (IGMP) process, either immediately or over time.

The Risk:

Any Cisco device running the IOS XR software is at risk of an attacker crashing their IGMP process.

The Remediation/Recommendation:

First of all, take inventory of your Cisco devices that run the IOS XR software.  Then upgrade those devices with the latest patches.  More information can be found here at this site.

#3 – Cybersecurity Awareness

It seems people understand a little more about cybersecurity risks than they did a few years ago.  Phishing and malware attacks continue to be prevalent in the business world we live in.  Microsoft just delivered their Digital Defense Report – September 2020, and the biggest takeaway is how fast attackers improve their techniques and their ability to slip through defense mechanisms.

COVID19 may go away someday; however, attackers will never go away due to the money involved.

This week's vCISO Security Notes recommendation and advice – Do not let complacency with cybersecurity set in!  Educate your workforce; they are part of the defense plan.

Cloudz Biz Final Notes

Now that we’ve shared this week's vCISO Security Notes, here are a few more general thoughts.  Technology creates advantages through productivity and business workflow enhancements.  However, technology also opens the door for attackers to take advantage of flaws.  No technology is perfect, so the next best thing is to develop a plan to maintain updates for the technology you utilize in your business.

Also find a vendor or partner who will run vulnerability scans on your environment with a cadence that makes sense for your business.

If you feel like this is valuable, please leave a comment below.  We look forward to hearing from you.
