Cisco

Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability

Cisco Security Advisories - Wed, 12/11/2019 - 7:44pm

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos


Security Impact Rating: High
CVE: CVE-2019-15276
Categories: Cisco

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 12/11/2019 - 7:17pm

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ise-xss


Security Impact Rating: Medium
CVE: CVE-2019-12644
Categories: Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability

Cisco Security Advisories - Tue, 12/03/2019 - 7:37pm

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.

The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.

Update November 19, 2019: Advisory version 1.1 contained a Fixed Software table advising that Vulnerability Database (VDB) Update 329 contained a fix for this vulnerability for Cisco FTD Software. It has been discovered since release of VDB Update 329 that this fix does not provide adequate mitigation for this vulnerability. Customers are advised to wait for an update to this advisory and for a new fix to be posted.

Cisco has released software updates that address this vulnerability for Cisco ASA Software and will release additional software updates that will address this vulnerability for ASA Software and for FTD Software. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce


Security Impact Rating: High
CVE: CVE-2019-15992
Categories: Cisco

Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities

Cisco Security Advisories - Mon, 12/02/2019 - 7:40pm

Multiple vulnerabilities in Cisco SPA Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

Note: The web-based management interface is enabled by default.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce


Security Impact Rating: High
CVE: CVE-2019-15240,CVE-2019-15241,CVE-2019-15242,CVE-2019-15243,CVE-2019-15244,CVE-2019-15245,CVE-2019-15246,CVE-2019-15247,CVE-2019-15248,CVE-2019-15249,CVE-2019-15250,CVE-2019-15251,CVE-2019-15252
Categories: Cisco

Cisco Secure Boot Hardware Tampering Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 8:23pm

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality.

The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.

Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot


Security Impact Rating: High
CVE: CVE-2019-1649
Categories: Cisco

Cisco Unified Communications Manager SQL Injection Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-cucm-sql


Security Impact Rating: Medium
CVE: CVE-2019-15972
Categories: Cisco

Cisco Webex Teams for Windows DLL Hijacking Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-teams-dll


Security Impact Rating: Medium
CVE: CVE-2019-16001
Categories: Cisco

Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames.

The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis


Security Impact Rating: Medium
CVE: CVE-2019-15987
Categories: Cisco

Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-vman-csrf


Security Impact Rating: Medium
CVE: CVE-2019-16002
Categories: Cisco

Cisco Unity Express Command Injection Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials.

The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-unity-exp-comm-inject


Security Impact Rating: Medium
CVE: CVE-2019-15986
Categories: Cisco

Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-ucdm-xss


Security Impact Rating: Medium
CVE: CVE-2019-15968
Categories: Cisco

Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-stealth-xss


Security Impact Rating: Medium
CVE: CVE-2019-15994
Categories: Cisco

Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface.

The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-sbr-rv-infodis


Security Impact Rating: Medium
CVE: CVE-2019-15990
Categories: Cisco

Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device.

The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to connect to the device on the NETCONF port. Valid credentials are required to access the device. This vulnerability does not affect connections to the default SSH process on the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-iosxr-ssh-bypass


Security Impact Rating: Medium
CVE: CVE-2019-15998
Categories: Cisco

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device.

The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-esa-url-bypass


Security Impact Rating: Medium
CVE: CVE-2019-15988
Categories: Cisco

Cisco Email Security Appliance MP3 Content Filter Bypass Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device.

The vulnerability is due to improper validation of certain MP3 file types. An attacker could exploit this vulnerability by sending a crafted MP3 file through the targeted device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-esa-mp3-bypass


Security Impact Rating: Medium
CVE: CVE-2019-15971
Categories: Cisco

Cisco DNA Spaces: Connector SQL Injection Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries.

The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicious SQL statements in an affected field in the web UI. A successful exploit could allow the attacker to remove the SQL database, which would require the reinstallation of the Connector VM.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-dna-sqlinjection


Security Impact Rating: Medium
CVE: CVE-2019-15995
Categories: Cisco

Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-dna-priv-esca


Security Impact Rating: Medium
CVE: CVE-2019-15996
Categories: Cisco

Cisco DNA Spaces: Connector Command Injection Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 7:00pm

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root.

The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-dna-cmd-injection


Security Impact Rating: Medium
CVE: CVE-2019-15997
Categories: Cisco

Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

Cisco Security Advisories - Wed, 11/20/2019 - 6:15pm

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp

This advisory is part of the September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.


Security Impact Rating: High
CVE: CVE-2019-12655
Categories: Cisco

Pages