Alert!! Critical Bugs in Cisco Products Let Hackers Execute Arbitrary Code to Gain Admin Access

Recently, Cisco has released several security updates to address and fix different vulnerabilities in multiple Cisco products. All these vulnerabilities allow attackers to remotely execute arbitrary code on target PC to gain admin access and steal sensitive information.

Till now in August, Cisco has identified 47 vulnerabilities in Cisco products, one of them is marked as severely “Critical” severity, 9 of them are marked with a “High” severity tag, and the rest of them are marked as “Medium”.

All these vulnerabilities could allow bypassing LDAP authentication, admin access, uncontrolled access to routes, default credentials, privilege escalation, or denial of service.

Flaws Marked as Most Dangerous

In total, the security experts at Cisco have marked 10 vulnerabilities as most dangerous among 47; and here we have mentioned them below:-

  1. Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability (Critical)
  2. Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability (High)
  3. Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities (High)
  4. Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability (High)
  5. Cisco Webex Meetings Desktop App and Webex Meetings Client URL Filtering Arbitrary Program Execution Vulnerability (High)
  6. GRUB2 Arbitrary Code Execution Vulnerability (High)
  7. Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability (High)
  8. Cisco DNA Center Information Disclosure Vulnerability (High)
  9. Cisco StarOS IPv6 Denial of Service Vulnerability (High)
  10. Cisco Small Business RV Series Routers Command Injection Vulnerabilities (High)

Detailed Analysis Report – August

1. Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability (Critical)

This enables an unauthenticated, remote threat actor to log into the NFVIS CLI of an infected device utilizing the default accounts. The reason behind the existence of the vulnerability is that the infected software has user accounts with the default and the static passwords. 

The threat actor gets access to the NFVIS CLI of an infected device, as it could exploit this vulnerability just by logging into the CLI. That’s why a strong exploit could enable the threat actor to get access to the NFVIS CLI with administrator privileges. 

Vulnerable Products:

This new vulnerability infects the Cisco ENCS 5400-W Series and CSP 5000-W Series devices, in case if they are operating Cisco vWAAS along with NFVIS-bundled image delivers 6.4.5, or 6.4.3d and earlier.

Fixed Releases:

Cisco has fixed this new vulnerability in Cisco vWAAS along with NFVIS-bundled image release 6.4.3e or 6.4.5a.

2. Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability (High)

The Cisco smart software manager On-Perm Privilege Escalation vulnerability enables an authenticated, remote threat actor to promote opportunities and administer commands with higher instances. 

This vulnerability occurs due to inadequate authorization of the System Operator role abilities. The threat actor could utilize this vulnerability just by logging in with the System Operator function and implementing a set of actions.

Vulnerable Products:

The vulnerability infects every Cisco SSM On-Prem that are releases earlier than version 8-202004 and all 6.x Cisco Smart Software Manager satellite releases.

Fixed Releases:

Cisco has fixed this vulnerability in Cisco SSM On-Prem releases 8-202004 and later.

3. Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities (High)

This vulnerability can allow an unauthenticated, nearby attacker to perform the code remotely or to cause a reload of an infected IP camera. These vulnerabilities occur due to missing drafts when the IP cameras prepare a Cisco Discovery Protocol packet. 

The threat actors could exploit these vulnerabilities by transferring an ill-disposed Cisco Discovery Protocol packet to the targeted IP camera.

Vulnerable Products

These vulnerabilities infect the Cisco Video Surveillance 8000 Series IP Cameras if they are operating a firmware version earlier than 1.0.9-4 and have the Cisco Discovery Protocol allowed.

Fixed Releases

Cisco has fixed these vulnerabilities in Cisco Video Surveillance 8000 Series IP Camera Firmware releases 1.0.9-4 and later.

4.Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability (High)

This vulnerability could enable an authenticated, local attacker to execute a DLL hijacking attack. To exploit this vulnerability, the threat actor would require to have strong credentials on the Windows system. 

This vulnerability occurs due to the insufficient validation of resources that are stored by the application at the time of operation. The threat actor could easily exploit this vulnerability by transmitting a crafted IPC message to the AnyConnect method. 

A successful exploit could enable the attacker to administer arbitrary code on the infected machine with SYSTEM privileges.

Vulnerable Products

The vulnerability infects Cisco AnyConnect Secure Mobility Client for Windows releases 4.9.00086 and earlier.

Fixed Releases

Cisco has fixed this vulnerability in Cisco AnyConnect Secure Mobility Client for Windows releases 4.9.00086 and later.

5. Cisco Webex Meetings Desktop App and Webex Meetings Client URL Filtering Arbitrary Program Execution Vulnerability (High)

This vulnerability could allow unauthenticated remote threat actors to administer the programs on an infected end-user system. The reason behind the occurrence of this vulnerability is due to incorrect validation of input that is provided to application URLs.

The threat actors could exploit this vulnerability by convincing a user to emulate an ill-disposed URL. So, a reliable exploit could enable the attacker to produce the application to perform other programs that are already existing on the system.

Vulnerable Products:

This vulnerability attacks the Cisco Webex Meetings Desktop App and Cisco Webex Meetings Client, that got released earlier than Release 39.5.12.

Fixed Releases:

Cisco has fixed this vulnerability in the Cisco Webex Meetings Desktop App, and Cisco Webex Meetings Client releases 40.1.0, and not only that, even they have also released some lockdown versions as well.

6. GRUB2 Arbitrary Code Execution Vulnerability (High)

This vulnerability occurs due to the incorrect bounds checking of specific values parsed from the GRUB2 configuration file. Here the attacker could exploit this vulnerability by providing a crafted configuration file for GRUB2. 

A successful exploit could enable the attacker to insert arbitrary code that is accomplished before the operating system is stored on the targeted system.

Vulnerable Products

The unsafe products that got affected by this vulnerability are, Cisco Cloud Services Router 1000V Series, Cisco Integrated Services Virtual Router (ISRv), and Cisco Identity Services Engine (ISE), Cisco Enterprise NFV Infrastructure Software (NFVIS).

Fixed Releases

For any information regarding the fixed software releases, users can consult the Cisco bugs recognized in the Vulnerable Products division.

7. Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability (High)

This vulnerability could enable an unauthenticated, remote attacker to produce a denial of service (DoS) condition on an affected device. This vulnerability occurs due to inadequate validation of incoming IPv6 traffic. 

An attacker could utilize this vulnerability by transmitting a crafted IPv6 packet through an affected device. A successful exploit could enable the attacker to create an unexpected reboot of the switch, pointing to a DoS condition.

Vulnerable Products

  • The product that got vulnerable by this vulnerability are as follow:
  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches
  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches

Fixed Releases

Cisco has published free software updates that approach the vulnerability outlined in this advisory. The Customers may only install and expect support for software versions and feature sets for which they have obtained a license.

8. Cisco DNA Center Information Disclosure Vulnerability (High)

This vulnerability could enable unauthenticated, remote attacker access to delicate information on an infected system. This vulnerability occurs due to inappropriate handling of authentication tokens by the infected software. 

The threat actors could exploit this vulnerability by transmitting a crafted HTTP request to an infected device, and a successful exploit could enable the threat actor to access sensitive device information.

Vulnerable Products

This vulnerability infects all 1.3.x versions of Cisco DNA Center software releases before 1.3.1.4.

Fixed Releases

Cisco has issued free software updates that approach this vulnerability. But, customers may only need to install and anticipate support for software versions and feature lists for which they have purchased a license.

9.Cisco StarOS IPv6 Denial of Service Vulnerability (High)

This flaw allows an unauthenticated attacker to remotely create a denial of service (DoS) condition on an affected device. This vulnerability occurs due to inadequate validation of incoming IPv6 traffic. 

The threat actor could exploit this vulnerability by transmitting a crafted IPv6 packet to an infected device, and a successful exploit could enable the attacker to create an unexpected reload of the device, starting with a DoS condition.

Vulnerable Products

There are a total of two products that got vulnerable in this vulnerability; they are the Cisco ASR 5000 Series Aggregation Services Routers and Cisco Virtualized Packet Core-Single Instance (VPC-SI).

Fixed Releases

Cisco has issued free software updates that approach this vulnerability. However, the customers may only need to install and presume support for software versions and feature lists for which they have purchased a license. 

10. Cisco Small Business RV Series Routers Command Injection Vulnerabilities (High)

This vulnerability could allow a remote attacker to get administrative privileges to administer the arbitrary commands on an affected device. This flaw exists because of the web-based management interface does not correctly validate user-supplied input to scripts.

A reliable exploit could enable the attacker to administer the arbitrary commands with root rights on the underlying operating system.

Vulnerable Products

This vulnerability has affected a total of six products:-

  • RV016 Multi-WAN VPN: 4.2.3.10 and earlier
  • RV042 Dual WAN VPN: 4.2.3.10 and earlier
  • RV042G Dual Gigabit WAN VPN: 4.2.3.10 and earlier
  • RV082 Dual WAN VPN: 4.2.3.10 and earlier
  • RV320 Dual Gigabit WAN VPN: 1.5.1.05 and earlier
  • RV325 Dual Gigabit WAN VPN: 1.5.1.05 and earlier

Fixed Releases

Cisco has published a free software update that approaches these vulnerabilities, and the users may only need to install and presume support for software versions and feature lists for which they have acquired a license.

Apart from all these things, for the solution, you have to apply the corresponding updates according to the affected product, indicated by the security experts at Cisco. you can refer further medium severity bug report in Cisco’s official Security Advisories page.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read:

New Jenkins Vulnerability Let Hackers Steal Sensitive Information By Obtain HTTP Response Headers

Leave a Reply