Cisco

Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass

Cisco Security Advisories - Wed, 08/04/2021 - 4:00pm

A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device.

This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-GkCvfd4


Security Impact Rating: Medium
CVE: CVE-2021-1522
Categories: Cisco

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities

Cisco Security Advisories - Wed, 08/04/2021 - 4:00pm

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following:

  • Execute arbitrary code
  • Cause a denial of service (DoS) condition
  • Execute arbitrary commands 

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy


Security Impact Rating: Critical
CVE: CVE-2021-1609,CVE-2021-1610
Categories: Cisco

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

Cisco Security Advisories - Wed, 08/04/2021 - 4:00pm

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.

This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4


Security Impact Rating: High
CVE: CVE-2021-1602
Categories: Cisco

Cisco Packet Tracer for Windows DLL Injection Vulnerability

Cisco Security Advisories - Wed, 08/04/2021 - 4:00pm

A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.

This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path on the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow an attacker with normal user privileges to execute arbitrary code on the affected system with the privileges of another user’s account. 

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-packettracer-dll-inj-Qv8Mk5Jx


Security Impact Rating: High
CVE: CVE-2021-1593
Categories: Cisco

Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 08/04/2021 - 4:00pm

A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device.

The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the NSO built-in Secure Shell (SSH) server for CLI was enabled. If the NSO built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which Cisco NSO is running, which is root by default.

Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all Cisco NSO users have this access if the server is enabled.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT


Security Impact Rating: High
CVE: CVE-2021-1572
Categories: Cisco

Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 08/04/2021 - 4:00pm

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system.

This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C


Security Impact Rating: Medium
CVE: CVE-2021-34707
Categories: Cisco

ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 08/04/2021 - 4:00pm

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. 

The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root.

Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled.

Software updates that address this vulnerability have been released. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4


Security Impact Rating: High
CVE: CVE-2021--1572
Categories: Cisco

Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities

Cisco Security Advisories - Wed, 08/04/2021 - 3:58pm

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device.

For more information about these vulnerabilities, see the Details section of this advisory.

Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe


Security Impact Rating: High
CVE: CVE-2021-1251,CVE-2021-1308,CVE-2021-1309
Categories: Cisco

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities

Cisco Security Advisories - Tue, 08/03/2021 - 3:59pm

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device.

These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG


Security Impact Rating: Medium
CVE: CVE-2021-1547,CVE-2021-1548,CVE-2021-1549,CVE-2021-1550,CVE-2021-1551,CVE-2021-1552,CVE-2021-1553,CVE-2021-1554,CVE-2021-1555
Categories: Cisco

Cisco Web Security Appliance Privilege Escalation Vulnerability

Cisco Security Advisories - Fri, 07/30/2021 - 2:10pm

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.

This vulnerability is due to insufficient validation of user-supplied XML input for the web interface. An attacker could exploit this vulnerability by uploading crafted XML configuration files that contain scripting code to a vulnerable device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. An attacker would need a valid user account with the rights to upload configuration files to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scr-web-priv-esc-k3HCGJZ


Security Impact Rating: High
CVE: CVE-2021-1359
Categories: Cisco

Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 07/21/2021 - 11:00pm

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user.

This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or cause an affected device to reboot under certain conditions.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-xss-yvE6L8Zq


Security Impact Rating: Medium
CVE: CVE-2021-1599
Categories: Cisco

Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities

Cisco Security Advisories - Wed, 07/21/2021 - 11:00pm

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface.

These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device. 

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8


Security Impact Rating: High
CVE: CVE-2021-1600,CVE-2021-1601
Categories: Cisco

Cisco Intersight Virtual Appliance Vulnerabilities

Cisco Security Advisories - Wed, 07/21/2021 - 11:00pm

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system.

These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following:

  • Execute a command using crafted input
  • Upload a file that has been altered using path traversal techniques

A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx


Security Impact Rating: Medium
CVE: CVE-2021-1617,CVE-2021-1618
Categories: Cisco

Cisco SD-WAN vManage Software Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 07/21/2021 - 11:00pm

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system.

This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE


Security Impact Rating: Medium
CVE: CVE-2021-34700
Categories: Cisco

Cisco SD-WAN Software Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 07/21/2021 - 11:00pm

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.

This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq


Security Impact Rating: Medium
CVE: CVE-2021-1614
Categories: Cisco

Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability

Cisco Security Advisories - Wed, 07/21/2021 - 11:00pm

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device.

This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-rce-Rx6vVurq


Security Impact Rating: Medium
CVE: CVE-2021-1518
Categories: Cisco

Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 07/21/2021 - 7:55pm

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. 

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL


Security Impact Rating: Medium
CVE: CVE-2021-1395
Categories: Cisco

Cisco Integrated Management Controller Open Redirect Vulnerability

Cisco Security Advisories - Fri, 07/16/2021 - 5:37pm

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2


Security Impact Rating: Medium
CVE: CVE-2021-1397
Categories: Cisco

Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

Cisco Security Advisories - Thu, 07/15/2021 - 11:00pm

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition.

The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data.

Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC


Security Impact Rating: High
CVE: CVE-2021-1422
Categories: Cisco

Cisco Intelligent Proximity SSL Certificate Validation Vulnerability

Cisco Security Advisories - Thu, 07/15/2021 - 2:50pm

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section.

The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls.

This vulnerability does not affect cloud registered collaboration endpoints.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB


Security Impact Rating: High
CVE: CVE-2020-3155
Categories: Cisco

Pages