AKTUELLE CISCO SICHERHEITSLÜCKEN

Cisco hat aktuell diverse Security Advisories im Routing-Switching- bzw. Security-Bereich veröffentlicht:

  • Cisco IR800 Integrated Services Router ROM Monitor Input Validation Vulnerability
  • Cisco IOS and Cisco IOS XE Software IPv6 SNMP Message Handling Denial of Service Vulnerability
  • Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability
  • Cisco Firepower Management Center Cross-Site Scripting Vulnerability CSCvc50771 (unauthenticated)
  • Cisco Catalyst 4000 Series Switches Dynamic ACL Bypass Vulnerability

 


CISCO IR800 INTEGRATED SERVICES ROUTER ROM MONITOR INPUT VALIDATION VULNERABILITY

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system.

The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device.

There are no workarounds that address this vulnerability.

 

KNOWN AFFECTED RELEASES: KNOWN FIXED RELEASES:


15.6(1)T 15.7(3.1.4A)OT
15.7(0.2)M
15.6(3.0t)M
15.6(3)M1

 

You can find further information in the official Cisco Advisory by following this link:

 


CISCO IOS AND CISCO IOS XE SOFTWARE IPV6 SNMP MESSAGE HANDLING DENIAL OF SERVICE VULNERABILITY

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device.

The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device.

There are workarounds that address this vulnerability.

The workaround for this vulnerability is to filter object identifiers (OIDs) that would poll for IPv6 sub block information.

Any OID which requires the IPV6 sub-block to be accessed needs to be excluded for this. Currently both ip and ipv6-related OID-s are supported as part of IP-MIB. Hence excluding this MIB will avoid the issue. Apart from this, excluding polling of any ip-address related OID like ipAddressEntry, ipAddressTable etc. will also avoid the issue.