Beginner

RV042G PCI DSS SSL Issues

Looks like the RV042G needs another firmware update, as the units we have in the field are now not passing PCI DSS scans. Dealing with the compliance scanning companies, they are telling me that the firmware is the way to fix this. Here are the errors reported:

 

Cross-site scripting vulnerability in portalname parameter to /cgibin/userLogin.cgi - FAIL

Description: Several types of web servers and CGI programs include the user's request in their response. For example, a request for the page http://server/nonexistent_page.html may cause server to respond: The page nonexistent_page.html does not exist on this server.

 

Response splitting vulnerability in portalname parameter to /cgibin/userLogin.cgi - FAIL

Description: Some programs on web servers place user-supplied parameters into certain HTTP headers.

 

I am using port 443 for remote access to the devices. Moving the port simply changes the reported failure to that port. Any suggestions, or has anyone heard of a firmware update coming soon for this device?

Thanks.  John
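
The two finding classes named in the scan report above, sketched as an added example (not part of the original post and not Cisco's firmware code): a handler that copies `portalname` verbatim into a header and the page body, next to a version that validates and encodes it. The function names, the `Set-Cookie` header and the allow-list are assumptions made for illustration.

```python
import html
import re

# Assumed allow-list; the RV042G firmware's real rules for portalname are not known.
PORTAL_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def respond_unsafe(portalname: str) -> str:
    """Flagged pattern: the parameter is copied verbatim into a header and the body."""
    return ("HTTP/1.1 200 OK\r\n"
            f"Set-Cookie: portal={portalname}\r\n"
            "Content-Type: text/html\r\n\r\n"
            f"<p>Portal {portalname}</p>")

def respond_safe(portalname: str) -> str:
    """Validate first, keep rejected input out of headers, HTML-encode it in the body."""
    shown = html.escape(portalname, quote=True)
    if not PORTAL_RE.fullmatch(portalname):
        return ("HTTP/1.1 400 Bad Request\r\n"
                "Content-Type: text/html\r\n\r\n"
                f"<p>Invalid portal name: {shown}</p>")
    return ("HTTP/1.1 200 OK\r\n"
            f"Set-Cookie: portal={portalname}\r\n"
            "Content-Type: text/html\r\n\r\n"
            f"<p>Portal {shown}</p>")

def header_names(response: str) -> list[str]:
    """Header names as a client parses them (lines between status line and blank line)."""
    head = response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

def body(response: str) -> str:
    """Everything after the first blank line."""
    return response.split("\r\n\r\n", 1)[1]

# Constructed, harmless probe values of the kind a compliance scanner sends.
MARKUP_PROBE = "<i>probe</i>"
HEADER_PROBE = "x\r\nX-Scanner-Probe: 1"

if __name__ == "__main__":
    for name, fn in (("unsafe", respond_unsafe), ("safe", respond_safe)):
        print(name, "headers:", header_names(fn(HEADER_PROBE)))
        print(name, "body:", body(fn(MARKUP_PROBE)))
```
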

 

 

4 REPLIES 4
Beginner

The failure I am getting for PCI compliance is that the SSL key length is too short (1024 bits instead of the required 2048 bits). The error is coming on port 60443 (the port used by quickvpn - a service I am not using).

 

 

Beginner

Hi dwyerja01,

Unfortunately I do not think Cisco is going to do anything about this.  I have emailed my sales support contact (no response), called tech support (clueless on when or if there will be a firmware update - the only way to fix this) and posted here (no response from Cisco).

With that said, we have begun a transition away from Cisco Small Business gear.  While this is disappointing for us, supporting their router platform is just not a priority for them (or so it seems).

If we get lucky, maybe a new firmware will drop.  Fingers crossed!

If I find or get more information I will post back here (please do the same).

John

Beginner

John:

 

Thanks, time to find another router, as my non-profit will not pass PCI with this one. I am very disappointed, to say the least.

Beginner

Did you find a small-business router that does pass PCI compliance?