Cisco today exposed 13 vulnerabilities in its IOS and IOS XE switch and router operating software that the company said should be patched as soon as possible.
The vulnerabilities were detailed in Cisco’s twice-yearly dump of IOS exposures. All have a High Impact security rating, and fixes should be evaluated by users quickly.
The company said this particular batch of issues could let an attacker gain elevated privileges for an affected device or cause a denial of service (DoS) on an affected device.
Some of the High Impact vulnerabilities from Cisco include:
- A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a DoS situation.
- A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could let a remote attacker cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device, effectively causing a DoS.
- A weakness in the web user interface of Cisco IOS XE Software could let an attacker cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
- A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a DoS situation on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs, it will not reboot automatically, and it will need to be power cycled manually to recover.
- A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.
According to Cisco, none of these vulnerabilities has resulted in an attack and all have patches or software updates that users can apply. The latest vulnerability dump comes on the heels of a number of security problems Cisco has warned users about this month.
Other ‘Critical’ warnings from Cisco
Just this week the company issued two “Critical” warnings including a vulnerability in its Identity Services Engine (ISE) software. The first could let an unauthenticated, remote attacker gain unauthorized access to an affected device. ISE controls access to wired and wireless resources. A successful exploit via the admin console may result in a complete compromise of the affected device. Customers are advised to apply a patch or upgrade to a version of Cisco ISE software that resolves this vulnerability, the company stated.
The second critical problems centers around Cisco ISE Authenticated Arbitrary Command Execution and ISE Support Information Download Authentication Bypass features.
“These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other. Successful exploitation of the Cisco ISE Authenticated Arbitrary Command Execution Vulnerability may let an authenticated remote attacker execute arbitrary code on the underlying operating system. Successful exploitation of Cisco ISE Support Information Download Authentication Bypass Vulnerability could allow an attacker to obtain sensitive information including administrative credentials,” Cisco wrote.
Cisco also this week detailed the potential impact of an industry-wide Linux denial-of-service vulnerability on its products. Known as FragmentSmack, a flaw in the Linux kernel could let an attacker send “specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system with relatively small bandwidth of the incoming network traffic. In a worst case scenario, an attacker can stall an affected host or device with less than 2kpps of an attack traffic. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses,” Red Hat wrote of the problem last month.
In Cisco’s case, the bug could hit over 80 of its products that use Linux Kernel Version 3.9 or later, including its Tetration Analytics package, Series 100-5000 vEdge routers, Nexus switches, and Aironet wireless products.
Cisco said it is updating the advisory on this problem as it evaluates its impact and fixes.