Multiple Cisco IOS/IOS XE vulnerabilities posted

Folks – it’s time to tick everyone off with network maintenance windows!  Cisco PSIRT released 30 vulnerabilities in their router firmware across multiple versions of IOS and IOS EX.  Three critical vulnerabilities include one hard-coded credential affecting all IOS XE routers running IOS XE v16, and two which affect v15 under certain conditions.  Fifteen high risk vulnerabilities run the gamut from denial of service, buffer overflow, and privileged escalation.

A complete list follows, and I will update it as more come in today.

Title Importance Vulnerability Requirements
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability Critical Remote Code Execution Only if Smart Install client enabled
Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability Critical Remote Code Execution If “show udp” command shows active UDP connection
Cisco IOS XE Software Static Credential Vulnerability Critical Hardcoded Credentials All devices running IOS XE
Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability High Priviledge Elevation Only affected if HTTP enabled and AAA not configured
Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability High Remote DoS Only if SNMP enabled
Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability High Remote DoS Only if SNMP enabled
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability High Remote DoS Only if Smart Install client enabled
Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities High Priviledge Elevation All devices running IOS XE
Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability High Remote DoS Only if Cisco Umbrella integration active
Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities High Buffer Overflow Only if LLDP is configured
Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability High Remote DoS All devices running IOS XE including Catalyst Switches
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability High Remote DoS Only if IKEv1 enabled
Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability High Remote DoS Only if IKE enabled
Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability High Remote DoS Only if IP Multicast Routing enabled
Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability High Remote DoS Only if “zone security” enabled
Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability High Remote DoS Only if Cisco ISM-VPN installed and running
Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability High Remote DoS Only if DHCP Relay Agent (ip helper) running and option 82 insertion/encapsulation configured
Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability High Remote DoS Only if DHCP Relay Agent (ip helper) running and option 82 insertion/encapsulation configured
Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability High Remote DoS Only if DHCP Relay Agent (ip helper) running and option 82 insertion/encapsulation configured
Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability High Remote DoS Only select models of supervisor engine when BFD enabled
Cisco IOS XE Software Arbitrary File Write Vulnerability Medium Write to arbitrary files Only affected if HTTP enabled
Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities Medium Cross-site scripting Only affected if HTTP enabled
Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities Medium Remote DoS Only if Smart Install client enabled
Cisco IOS XE Software Switch Integrated Security Features IPv6 Denial of Service Vulnerability Medium Local DoS Only certain models w/ integrated switch and IPv6 interface
Cisco IOS XE Software REST API Authorization Bypass Vulnerability Medium Authorization Bypass Affects all IOS XE – but only if REST API used?
Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access Vulnerability Medium Priviledge Elevation Cisco 4000 series ISRs
Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability Medium Priviledge Elevation All devices running IOS XE
Cisco IOS Software 802.1x Multiple-Authentication Port Authentication Bypass Vulnerability Medium Authentication Bypass Only if 802.1X in multi-auth mode
Cisco IOS XE Software CLI Command Injection Vulnerabilities Medium Local Command Injection All devices running IOS XE
Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability Medium Remote DoS All devices running IOS XE

Leave a Reply

Your email address will not be published. Required fields are marked *