Cisco

Cisco Small Business Switches Privileged Access Vulnerability

Cisco Security Advisories - Wed, 01/16/2019 - 11:24pm

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device.

The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights.

Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc


Security Impact Rating: Critical
CVE: CVE-2018-15439
Categories: Cisco

Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018

Cisco Security Advisories - Fri, 01/11/2019 - 3:52pm

On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution of arbitrary code or modifications of files on the system. The issue is caused by a previously reported vulnerability of the Apache Commons FileUpload library, assigned to CVE-2016-1000031.

The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by submitting crafted data to an affected system. A successful exploit could allow the attacker to execute arbitrary code or manipulate files on the targeted system.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload


Security Impact Rating: Critical
CVE: CVE-2016-1000031
Categories: Cisco

Cisco ASR 900 Series Aggregation Services Router Software Denial of Service Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device.

The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-asr900-dos


Security Impact Rating: Medium
CVE: CVE-2018-15464
Categories: Cisco

Cisco Webex Business Suite Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by convincing a user to click a crafted URL. To exploit this vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-webex-bs-xss


Security Impact Rating: Medium
CVE: CVE-2018-15461
Categories: Cisco

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-tms-xss


Security Impact Rating: Medium
CVE: CVE-2018-15467
Categories: Cisco

Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server.

An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-tcp


Security Impact Rating: Medium
CVE: CVE-2018-0282
Categories: Cisco

Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-pnc-stored-xss


Security Impact Rating: Medium
CVE: CVE-2018-0482
Categories: Cisco

Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device.

The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection


Security Impact Rating: Medium
CVE: CVE-2018-0461
Categories: Cisco

Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system.

The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss


Security Impact Rating: Medium
CVE: CVE-2018-0483
Categories: Cisco

Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges.

The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jabr-mac-permissions


Security Impact Rating: Medium
CVE: CVE-2018-0449
Categories: Cisco

Cisco Identity Services Engine Password Recovery Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text.

The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-passwd


Security Impact Rating: Medium
CVE: CVE-2018-15456
Categories: Cisco

Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

For more information about these vulnerabilities, see the Details section of this security advisory.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss


Security Impact Rating: Medium
CVE: CVE-2018-15440,CVE-2018-15463
Categories: Cisco

Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration.

The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ios-ssh-vrf


Security Impact Rating: Medium
CVE: CVE-2018-0484
Categories: Cisco

Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.

The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-fpwr-mc-dos


Security Impact Rating: Medium
CVE: CVE-2018-15458
Categories: Cisco

Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos


Security Impact Rating: High
CVE: CVE-2018-15460
Categories: Cisco

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device.

The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos


Security Impact Rating: Critical
CVE: CVE-2018-15453
Categories: Cisco

Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text.

The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cucm-creds-disclosr


Security Impact Rating: Medium
CVE: CVE-2018-0474
Categories: Cisco

Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server.

The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.

Cisco has released software updates that address this vulnerability for Cisco Policy Suite for Mobile.

Currently there is no software release available for Cisco Policy Suite Diameter Routing Agent software. There are no workarounds that address this vulnerability, but a mitigation for Cisco Policy Suite Diameter Routing Agent software exists. See the Workarounds section for more details.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cps-redis


Security Impact Rating: Medium
CVE: CVE-2018-0181
Categories: Cisco

Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed.

The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cps-graphite-access


Security Impact Rating: Medium
CVE: CVE-2018-15466
Categories: Cisco

Cisco Prime Infrastructure Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 01/09/2019 - 5:00pm

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cpi-xss


Security Impact Rating: Medium
CVE: CVE-2018-15457
Categories: Cisco

Pages