Cisco issues 7 “high priority” security advisories; Firepower, IOS and ASA issues among them

Cisco: Four high priority security issues are found in Cisco’s Adaptive Security Appliance (ASA) Software

Cisco had a pretty large dump of security advisories today – seven “high priority” and one “critical” – impacting a variety of products, many of them carrying the threat of a remote attacker causing a denial of service.

First up this week Cisco said a vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) software could let an unauthenticated, remote attacker cause a denial of service (DoS) attack.

“The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages.

“An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically,” Cisco stated.
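The gap Cisco describes is "insufficient rate limiting protection": a SIP front end is expected to cap how many requests a single source can push into call processing per unit of time, so that a flood is shed at the edge rather than reloading the device. The following is an added illustration, not code from the article or from Cisco Unified CM: a per-source token-bucket limiter applied to a constructed burst of SIP requests. The IP addresses, the rate and burst values, and the SIP messages themselves are all invented for the example.

```python
from collections import defaultdict

# Added example (not Cisco code): per-source token-bucket limiting of inbound
# SIP requests. Each source IP gets a bucket that refills at `rate` messages
# per second up to `burst`; a request that finds the bucket empty is dropped
# before it reaches call processing. Addresses and values are constructed.


class TokenBucket:
    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None  # timestamp of the previous refill

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then consume one token if available."""
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class SipRateLimiter:
    def __init__(self, rate: float = 20.0, burst: int = 50):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})

    def handle(self, src_ip: str, sip_msg: str, now: float) -> bool:
        """Return True if the message may be processed, False if it was shed."""
        # Only SIP requests ("METHOD sip:... SIP/2.0") are limited; responses
        # to requests we sent ourselves start with "SIP/2.0" and pass through.
        start_line = sip_msg.split("\r\n", 1)[0]
        if start_line.startswith("SIP/2.0"):
            return True
        outcome = "accepted" if self.buckets[src_ip].allow(now) else "dropped"
        self.stats[src_ip][outcome] += 1
        return outcome == "accepted"


def simulate_flood(limiter=None, flood_count=500, flood_src="198.51.100.7",
                   legit_src="192.0.2.25"):
    """Constructed traffic: one source sends `flood_count` INVITEs inside one
    second while a legitimate phone sends five REGISTERs over the same second.
    Returns the per-source accepted/dropped counters."""
    limiter = limiter or SipRateLimiter()
    invite = "INVITE sip:1000@pbx.example SIP/2.0\r\nVia: SIP/2.0/UDP 198.51.100.7\r\n\r\n"
    register = "REGISTER sip:pbx.example SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.25\r\n\r\n"
    for i in range(flood_count):
        limiter.handle(flood_src, invite, now=i / flood_count)
    for i in range(5):
        limiter.handle(legit_src, register, now=i * 0.2)
    return {ip: dict(counts) for ip, counts in limiter.stats.items()}


if __name__ == "__main__":
    print(simulate_flood())
```

With the defaults (20 requests per second, burst of 50) the flooding source gets roughly its burst plus one second of refill accepted and the rest dropped, while the legitimate phone is untouched because the buckets are per source. The bucket sizing is the part a practitioner has to tune to real call volumes; a limit below the legitimate peak turns the defence into its own denial of service.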

Cisco said a vulnerability in its Firepower System Software, specifically in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets feature, could let an attacker cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.

“The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device.

“An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped,” Cisco said.

Another high priority problem exists with the EnergyWise module of Cisco IOS and Cisco IOS XE Software, which could let an attacker cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.

“These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device.

“An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition,” Cisco stated.

The next four high priority security issues are found in Cisco’s Adaptive Security Appliance (ASA) Software, which supports a variety of security features for ASA appliances, blades, and virtual appliances.

Cisco ASA products are frequently configured to support VPNs, though many say the product’s most powerful features are its ability to integrate IP routing, firewall, network antivirus, intrusion prevention and VPN features in a single device.

The first ASA problem: A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could let an attacker cause a reload of an affected system.

“The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Only traffic directed to the affected system can be used to exploit this vulnerability.

“This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic.

“A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication,” Cisco stated.

The next high priority issue is a vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software.

“The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability,” Cisco wrote.

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system.

“The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability.

“This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. An attacker needs to establish a valid IPsec tunnel before exploiting this vulnerability,” Cisco stated.

Lastly, Cisco says a vulnerability in the DNS code of ASA Software could let an unauthenticated, remote attacker cause an affected device to reload or corrupt the information present in the device's local DNS cache.

“The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information.

“Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic,” Cisco wrote.
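Two defensive properties follow from Cisco's description of the DNS flaw: a device should only accept a response that matches a query it actually sent, and every length, offset and compression pointer in the message must be checked before the data is used, since the attacker controls the whole response. The following is an added example, not Cisco ASA code: a small defensive DNS response parser exercised against a constructed well-formed response, a response whose question name contains a compression-pointer loop, a truncated record, and a response carrying the wrong transaction ID. The transaction ID, names and address are invented for the example.

```python
import struct

# Added example (not Cisco ASA code): a defensive DNS response parser.
# Every offset and length is bounds-checked, a compression pointer must
# target an earlier offset than any pointer already followed (so loops are
# impossible), and the response is accepted only if its transaction ID and
# question match the query that was sent. Sample messages are constructed.


class MalformedDns(ValueError):
    pass


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name at `off`; return (name, next_off)."""
    labels, total, end, floor = [], 0, None, off
    while True:
        if off >= len(msg):
            raise MalformedDns("name runs past end of message")
        length = msg[off]
        if length == 0:
            off += 1
            break
        if (length & 0xC0) == 0xC0:  # two-octet compression pointer
            if off + 1 >= len(msg):
                raise MalformedDns("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[off + 1]
            if target >= floor:
                raise MalformedDns("compression pointer does not go backwards")
            if end is None:
                end = off + 2  # caller resumes after the first pointer
            floor = off = target
            continue
        if length > 63:
            raise MalformedDns("label longer than 63 octets")
        if off + 1 + length > len(msg):
            raise MalformedDns("label runs past end of message")
        total += length + 1
        if total > 255:
            raise MalformedDns("name longer than 255 octets")
        try:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        except UnicodeDecodeError:
            raise MalformedDns("non-ASCII label") from None
        off += 1 + length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg: bytes, expected_id: int, expected_qname: str):
    """Return [(name, type, ttl, rdata), ...] or raise MalformedDns."""
    if len(msg) < 12:
        raise MalformedDns("header shorter than 12 octets")
    tid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if tid != expected_id:
        raise MalformedDns("transaction ID does not match outstanding query")
    if not flags & 0x8000:
        raise MalformedDns("QR bit clear: not a response")
    if qdcount != 1:
        raise MalformedDns("unexpected question count")
    qname, off = read_name(msg, 12)
    if off + 4 > len(msg):
        raise MalformedDns("truncated question")
    off += 4  # skip QTYPE and QCLASS
    if qname.lower() != expected_qname.lower():
        raise MalformedDns("question does not match outstanding query")
    answers = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise MalformedDns("truncated resource record header")
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise MalformedDns("RDATA runs past end of message")
        if rtype == 1 and rdlen != 4:
            raise MalformedDns("A record with wrong RDATA length")
        answers.append((name, rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return answers


def verdict(msg: bytes, expected_id: int, expected_qname: str) -> str:
    try:
        parse_response(msg, expected_id, expected_qname)
        return "ok"
    except MalformedDns as exc:
        return f"rejected: {exc}"


def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


# Constructed messages: transaction ID, names and address are invented.
QUERY_ID = 0x1234
_hdr = struct.pack("!6H", QUERY_ID, 0x8180, 1, 1, 0, 0)
_question = encode_name("example.test") + struct.pack("!HH", 1, 1)
_answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
GOOD_RESPONSE = _hdr + _question + _answer
LOOP_RESPONSE = _hdr + b"\x03www\xC0\x0C" + struct.pack("!HH", 1, 1) + _answer  # "www" + pointer to itself
TRUNCATED_RESPONSE = GOOD_RESPONSE[:-8]
SPOOFED_RESPONSE = struct.pack("!6H", 0x4321, 0x8180, 1, 1, 0, 0) + _question + _answer

if __name__ == "__main__":
    for label, m in [("good", GOOD_RESPONSE), ("loop", LOOP_RESPONSE),
                     ("truncated", TRUNCATED_RESPONSE), ("spoofed", SPOOFED_RESPONSE)]:
        print(label, verdict(m, QUERY_ID, "example.test"))
```

The loop rule is the detail worth keeping: it is not enough to require that a pointer point backwards from its own position, because a pointer can legitimately lead forward again through labels to a second pointer; requiring each target to lie below every previously followed target makes the walk strictly decreasing and therefore finite. The question and transaction-ID checks are what stop an unsolicited "crafted response" from being processed at all, and a cache entry should only be written from a response that passed both.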

Cisco said it has released software to tackle all seven of these vulnerabilities.

Cisco continues to list the Apache Struts2 Jakarta vulnerability as “critical.” Apache in March disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value.
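One check a web front end or log pipeline can run without knowing anything about a particular exploit is whether those three headers are even syntactically valid: a multipart parser that assumes well-formed values is exactly the place where a malformed one does damage. The following is an added example, not code from Apache Struts or from Cisco: a structural validator for Content-Type, Content-Disposition and Content-Length, following the RFC 7231 media-type grammar and the RFC 6266 disposition grammar, run over constructed sets of request headers. The sample values and the `scan` interface are assumptions made for the example; the checker reports findings for review rather than blocking, which leaves policy to the operator.

```python
import re

# Added example (not Struts or Cisco code): structural validation of the
# three request headers named in the Struts advisory. A value that does not
# fit the RFC grammar (type "/" subtype, then ";" token "=" token-or-quoted-
# string) is reported for review. The check knows nothing about any specific
# payload; header sets below are constructed for the example.

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\\r\n]|\\.)*"'
PARAMS = rf"(?:\s*;\s*{TOKEN}\s*=\s*(?:{TOKEN}|{QUOTED}))*"
MEDIA_TYPE_RE = re.compile(rf"^({TOKEN})/({TOKEN})({PARAMS})\s*$")
DISPOSITION_RE = re.compile(rf"^({TOKEN})({PARAMS})\s*$")
PARAM_RE = re.compile(rf";\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})")
LENGTH_RE = re.compile(r"^\d{1,19}$")


def parse_media_type(value: str):
    """Return (type, subtype, {param: value}) or None if the value is malformed.
    Parameter values are returned as written, quoted strings included."""
    m = MEDIA_TYPE_RE.match(value)
    if not m:
        return None
    params = {k.lower(): v for k, v in PARAM_RE.findall(m.group(3))}
    return m.group(1).lower(), m.group(2).lower(), params


def check_headers(headers: dict) -> list:
    """Return a list of findings; empty when every checked header is well-formed."""
    findings = []
    h = {k.lower(): v for k, v in headers.items()}
    if "content-type" in h and parse_media_type(h["content-type"]) is None:
        findings.append("Content-Type is not a syntactically valid media type")
    if "content-disposition" in h and not DISPOSITION_RE.match(h["content-disposition"]):
        findings.append("Content-Disposition is not a syntactically valid disposition")
    if "content-length" in h and not LENGTH_RE.match(h["content-length"]):
        findings.append("Content-Length is not a decimal integer")
    return findings


def scan(requests: list) -> list:
    """Run check_headers over a batch; return (index, findings) for flagged requests."""
    flagged = []
    for i, req in enumerate(requests):
        findings = check_headers(req)
        if findings:
            flagged.append((i, findings))
    return flagged


# Constructed sample requests (header maps only); values are invented.
SAMPLE_REQUESTS = [
    {"Content-Type": 'multipart/form-data; boundary="----constructedBoundary"',
     "Content-Length": "2048"},
    {"Content-Type": "multipart/form-data; boundary=abc; [not a token]=1",
     "Content-Length": "2048"},
    {"Content-Type": "application/x-www-form-urlencoded",
     "Content-Length": "12abc"},
    {"Content-Type": "multipart/form-data; boundary=xyz",
     "Content-Disposition": 'form-data; name="upload"; filename="report.pdf"'},
    {"Content-Type": "multipart/form-data; boundary=xyz",
     "Content-Disposition": "form-data; name=<upload>"},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS):
        print(index, findings)
```

The regular expressions are anchored at both ends and built from a single character class with no nested quantifiers, so they cannot be made to backtrack catastrophically by a long header. A structural check like this is a detection aid and a sanity filter, not a substitute for the patched parser; the fix for the Struts issue is the vendor update.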

Cisco said it continues to investigate its product line to determine which products may be affected by this vulnerability and the impact on each affected product. It recommends customers refer to the Vulnerable Products and Products Confirmed Not Vulnerable sections of its advisory.
