[BreachExchange] Cisco fixes three critical bugs in IOS XE software
Sophia Kingsbury
sophia.kingsbury at riskbasedsecurity.com
Fri Sep 24 08:21:05 EDT 2021
https://www.computing.co.uk/news/4037657/cisco-fixes-critical-bugs-ios-xe-software
Cisco has released patches to address three critical security bugs in its
IOS XE internetworking operating system, which could enable threat actors
to run arbitrary code remotely and cause denial of service (DoS) condition
on vulnerable devices.
The most severe of these issues is CVE-2021-34770, a remote code execution
(RCE) with CVSS score of 10.0.
According to Cisco, this vulnerability is a 'logic error' that occurs
during the processing of Control and Provisioning of Wireless Access Points
(CAPWAP) protocol.
The CAPWAP protocol enables a central wireless Controller to handle
processing of IOS XE software for Catalyst 9000 family wireless controllers.
Cisco said that the bug could allow attackers to run arbitrary code with
root privileges, after sending a crafted packet.
A successful attack would cause the targeted device to crash and reload,
resulting in a DoS condition.
The flaw affects Catalyst 9800 and 9800-CL wireless controllers; Catalyst
9300, 9400, and 9500 series switches; and embedded wireless controllers on
catalyst access points.
A second critical vulnerability addressed by Cisco is a buffer overflow in
IOS XE SD-WAN, which could enable an unauthenticated, remote attacker to
run arbitrary commands with root privileges or cause the device to reload,
which could result in a DoS condition.
Indexed as CVE-2021-34727, this bug happens due to insufficient bounds
checking when an affected device processes traffic.
An adversary could exploit this bug by sending crafted traffic to the
device.
The products affected due to this bug include cloud services router 1000V
series, integrated services routers (ISRs) 1000 and 4000 series, and
aggregation services routers (ASR) 1000 series.
Lastly, Cisco patched CVE-2021-1619, a bug which is caused due to an
uninitialised variable in the authentication, authorisation, and accounting
(AAA) function of the Cisco IOS XE Software.
A successful attack would enable an authenticated, remote actor to
'install, manipulate, or delete the configuration of a network device or to
corrupt memory on the device,' resulting in a DoS condition.
Cisco says it has no reports of these three bugs being exploited in the
wild.
These fixes were released as part of Cisco's September 2021 bundle of
security advisories for IOS and IOS XE software.
In total, Cisco has fixed 27 vulnerabilities this month, including 13
high-severity and 11 medium-severity bugs.
Earlier this month, the company urged users to patch a critical
vulnerability in virtualised network devices after a proof-of-concept (PoC)
exploit code was made public.
The vulnerability, indexed as CVE-2021-34746, affected the TACACS+
authentication, authorisation and accounting feature of Cisco Enterprise
NFV Infrastructure Software.
And in June, reports emerged that cyber criminals were exploiting a
security flaw (CVE-2020-3580) in Cisco Adaptive Security Appliance (ASA)
devices in active attacks following the release of PoC exploit code.
Cisco first revealed details of the cross-site scripting (XSS) bug in
October 2020 and also issued a fix for it. Because the initial patch was
incomplete, the vendor released an additional patch for the bug in April
2021.
In its advisory, Cisco said that it was releasing patches to address
multiple XSS bugs in its ASA and Firepower Threat Defense (FTD) software
web services.
It urged organisations to patch their devices against CVE-2020-3580 to
protect their sensitive data from threat actors.
Cybersecurity firm Rapid7 warned last year that there were over 85,000
internet-accessible ASA/FTD devices as of July 2020. Of those devices, 398
were spread across 17 per cent of the Fortune 500 firms.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210924/cb2822da/attachment.html>
More information about the BreachExchange
mailing list