Cisco

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

Cisco Security Advisories - Fri, 10/18/2019 - 7:08pm

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device.

The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device.

The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass


Security Impact Rating: Critical
CVE: CVE-2019-12643
Categories: Cisco

Multiple Issues in Cisco Small Business 250/350/350X/550X Series Switches Firmware and Cisco FindIT Network Probe

Cisco Security Advisories - Wed, 10/16/2019 - 8:21pm

On June 3, 2019, SEC Consult, a consulting firm for the areas of cyber and application security, contacted the Cisco Product Security Incident Response Team (PSIRT) to report the following issues that they found in firmware images for Cisco Small Business 250 Series Switches:

  • Certificates and keys issued to Futurewei Technologies
  • Empty password hashes
  • Unneeded software packages
  • Multiple vulnerabilities in third-party software (TPS) components

Cisco PSIRT investigated each issue, and the following are the investigation results:

Certificates and Keys Issued to Futurewei Technologies

An X.509 certificate with the corresponding public/private key pair and the corresponding root CA certificate were found in Cisco Small Business 250 Series Switches firmware. SEC Consult calls this the “House of Keys.” Both certificates are issued to third-party entity Futurewei Technologies, a Huawei subsidiary.

The certificates and keys in question are part of the Cisco FindIT Network Probe that is bundled with Cisco Small Business 250, 350, 350X, and 550X Series Switches firmware. These files are part of the OpenDaylight open source package. Their intended use is to test the functionality of software using OpenDaylight routines. The Cisco FindIT team used those certificates and keys for their intended testing purpose during the development of the Cisco FindIT Network Probe; they were never used for live functionality in any shipping version of the product. All shipping versions of the Cisco FindIT Network Probe use dynamically created certificates instead. The inclusion of the certificates and keys from the OpenDaylight open source package in shipping software was an oversight by the Cisco FindIT development team.

Cisco has removed those certificates and associated keys from FindIT Network Probe software and Small Business 250, 350, 350X, and 550X Series Switches firmware starting with the releases listed later in this advisory.

Empty Password Hashes

The /etc/passwd file included in Cisco Small Business 250, 350, 350X, and 550X Series Switches firmware has empty password hashes for the users root and user.

The /etc/passwd file is not consulted during user authentication by Small Business 250, 350, 350X, and 550X Series Switches firmware. Instead, a dedicated alternate user database is used to authenticate users that log in to either the CLI or the web-based management interface of Small Business 250, 350, 350X, and 550X Series Switches.

A potential attacker with access to the base operating system on an affected device could exploit this issue to elevate privileges to the root user. However, Cisco is not currently aware of a way to access the base operating system on these switches.

Starting with the releases listed later in this advisory, Cisco Small Business 250, 350, 350X, and 550X Series Switches firmware replaces the empty hashes with hashed, randomly generated passwords during initial boot.

Unneeded Software Packages

An attacker who gains access to the CLI of the base operating system may be able to misuse the gdbserver and tcpdump packages that are included in Cisco Small Business 250, 350, 350X, and 550X Series Switches firmware as part of the base operating system. Cisco is not currently aware of a way to access this part of the system on these switches.

Cisco has removed the gdbserver and tcpdump packages from Cisco Small Business 250, 350, 350X, and 550X Series Switches firmware starting with the releases listed later in this advisory.
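The three findings above can be checked for in any extracted firmware root filesystem. The following is an added example, not code from Cisco or SEC Consult: it looks for empty password fields in `etc/passwd` and `etc/shadow`, PEM private keys, and the `gdbserver` and `tcpdump` binaries. The function names, the sample tree, and its paths are constructed for illustration.

```python
import os
import re
import tempfile

# Binary names the advisory lists as unneeded packages.
DEBUG_TOOLS = {"gdbserver", "tcpdump"}
# PEM header of any private key type (RSA, EC, PKCS#8, OpenSSH, ...).
# Certificates and binary keystores are not covered by this check.
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
MAX_SCAN_BYTES = 1 << 20  # read at most 1 MiB per file


def empty_password_accounts(path):
    """Return account names whose password field (2nd column) is empty."""
    names = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.rstrip("\n").split(":")
            # passwd(5) and shadow(5): name:password:...; "x", "*", "!" are not empty.
            if len(fields) >= 2 and fields[0] and fields[1] == "":
                names.append(fields[0])
    return names


def audit_rootfs(root):
    """Scan an extracted root filesystem and return findings by category."""
    findings = {"empty_password": [], "private_key": [], "debug_tool": []}
    for name in ("passwd", "shadow"):
        path = os.path.join(root, "etc", name)
        # Skip symlinks: absolute links in firmware resolve to host files.
        if os.path.isfile(path) and not os.path.islink(path):
            for account in empty_password_accounts(path):
                findings["empty_password"].append(f"etc/{name}:{account}")
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if fname in DEBUG_TOOLS:
                findings["debug_tool"].append(rel)
            # Only read regular files; device nodes and FIFOs could block.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            try:
                with open(full, "rb") as fh:
                    if PRIVATE_KEY_RE.search(fh.read(MAX_SCAN_BYTES)):
                        findings["private_key"].append(rel)
            except OSError:
                continue
    return {kind: sorted(items) for kind, items in findings.items()}


def build_sample_rootfs(base):
    """Constructed sample tree mirroring the three findings; not real firmware."""
    files = {
        "etc/passwd": "root::0:0:root:/root:/bin/sh\n"
                      "user::1000:1000::/home/user:/bin/sh\n"
                      "nobody:x:65534:65534::/:/bin/false\n",
        # Placeholder body, not key material; header split so scanners ignore this file.
        "opt/probe/test/server.key": "-----BEGIN " + "RSA PRIVATE KEY-----\nCONSTRUCTED\n",
        "usr/bin/gdbserver": "",
        "usr/sbin/tcpdump": "",
        "usr/bin/busybox": "",
    }
    for rel, content in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, items in audit_rootfs(build_sample_rootfs(tmp)).items():
            print(f"{kind}: {items}")
```
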


Security Impact Rating: Informational
Categories: Cisco

Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos


Security Impact Rating: High
CVE: CVE-2019-15264
Categories: Cisco

Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly opening SSH connections to an affected device. A successful exploit could allow the attacker to exhaust system resources by initiating multiple SSH connections to the device that are not effectively terminated, which could result in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-ssh-dos


Security Impact Rating: High
CVE: CVE-2019-15262
Categories: Cisco

Cisco Wireless LAN Controller Path Traversal Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted.

This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-wlc-pathtrav


Security Impact Rating: Medium
CVE: CVE-2019-15266
Categories: Cisco

Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-vcs-xss


Security Impact Rating: Medium
CVE: CVE-2019-12705
Categories: Cisco

Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and sending malicious traffic to a listener that is internal to the device. A successful exploit could allow the attacker to execute commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-telepres-escalation


Security Impact Rating: Medium
CVE: CVE-2019-15277
Categories: Cisco

Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-privescal


Security Impact Rating: Medium
CVE: CVE-2019-15275
Categories: Cisco

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device.

The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-filewrite


Security Impact Rating: Medium
CVE: CVE-2019-15962
Categories: Cisco

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files.

The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by authenticating as the remote support user and submitting malicious input to specific commands. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying filesystem. The attacker has no control over the contents of the data written to the file. Overwriting a critical file could cause the device to crash, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-file-ovrwrt


Security Impact Rating: Medium
CVE: CVE-2019-15273
Categories: Cisco

Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an administrative level user within the restricted shell and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute previously staged code from the underlying filesystem.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-cmdinj


Security Impact Rating: Medium
CVE: CVE-2019-15274
Categories: Cisco

Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device.

The vulnerability is due to improper validation of user-supplied requests to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the device to stop responding, requiring manual intervention for recovery.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-webui-dos


Security Impact Rating: Medium
CVE: CVE-2019-15258
Categories: Cisco

Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device.

The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-ui-disclosure


Security Impact Rating: Medium
CVE: CVE-2019-12704
Categories: Cisco

Cisco SPA100 Series Analog Telephone Adapters Running Configuration Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device.

The vulnerability is due to improper restrictions on configuration information. An attacker could exploit this vulnerability by sending a request to an affected device through the web-based management interface. A successful exploit could allow the attacker to retrieve running configuration information, which could include sensitive information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-running-config


Security Impact Rating: Medium
CVE: CVE-2019-15257
Categories: Cisco

Cisco SPA100 Series Analog Telephone Adapters Reflected Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-reflected-xss


Security Impact Rating: Medium
CVE: CVE-2019-12702
Categories: Cisco

Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

Note: The web-based management interface is enabled by default.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce


Security Impact Rating: High
CVE: CVE-2019-15240, CVE-2019-15241, CVE-2019-15242, CVE-2019-15243, CVE-2019-15244, CVE-2019-15245, CVE-2019-15246, CVE-2019-15247, CVE-2019-15248, CVE-2019-15249, CVE-2019-15250, CVE-2019-15251, CVE-2019-15252
Categories: Cisco

Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by sending malicious input to the affected software through crafted DHCP requests, and then persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-dhcp-xss


Security Impact Rating: Medium
CVE: CVE-2019-12703
Categories: Cisco

Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device.

The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-credentials


Security Impact Rating: Medium
CVE: CVE-2019-12708
Categories: Cisco

Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.

The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-xss


Security Impact Rating: Medium
CVE: CVE-2019-12718
Categories: Cisco

Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

Cisco Security Advisories - Wed, 10/16/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf


Security Impact Rating: High
CVE: CVE-2019-12636
Categories: Cisco
