Jul
4
2011

June 2011: four Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories:

  • Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
  • Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
  • Default Credentials Vulnerability in Cisco Network Registrar
  • Default Credentials for root Account on the Cisco Media Experience Engine 5600

Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by the following vulnerabilities:

  • Arbitrary Program Execution Vulnerability
  • Local Privilege Escalation Vulnerability

Vulnerable Products
The vulnerabilities described in this document apply to the Cisco AnyConnect Secure Mobility Client. The affected versions are included in the following table:

  • Arbitrary Program Execution Vulnerability
    • Microsoft Windows: All versions prior to 2.3.185
    • Linux, Apple MacOS X: All versions in major releases other than 2.5.x and 3.0.x. /2.5.x releases prior to 2.5.3041 / 3.0.x releases prior to 3.0.629
  • Local Privilege Escalation Vulnerability
    • Microsoft Windows: All versions prior to 2.3.254
    • Linux, Apple MacOS X: Not affected

Details
The Cisco AnyConnect Secure Mobility Client is the Cisco next-generation VPN client, which provides remote users with secure IPsec (IKEv2) or SSL Virtual Private Network (VPN) connections to Cisco 5500 Series Adaptive Security Appliances (ASA) and devices that are running Cisco IOS Software.

The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities:

  • Arbitrary Program Execution Vulnerability
  • Additional Considerations for the Arbitrary Program Execution Vulnerability
  • Local Privilege Escalation Vulnerability

Impact

  • Arbitrary Program Execution Vulnerability: Exploitation of this vulnerability may allow an attacker to execute arbitrary programs on the computer of a Cisco AnyConnect Secure Mobility Client user with the privileges of the user who is establishing the VPN connection.
  • Local Privilege Escalation Vulnerability: Successful exploitation of this vulnerability may allow users with physical access to a computer that is running the Cisco AnyConnect Secure Mobility Client to elevate their privileges and gain full control of the system.

Link: http://www.cisco.com/…/advisory09186a0080b80123.shtml

Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability.

Vulnerable Products
Refer to the following link to determine what product upgrade and substitution options are available: http://www.cisco.com/…/prod_eol_notices_list.html

Details
Cisco Unified IP Phones 7900 Series devices are affected by two privilege escalation vulnerabilities and a signature bypass vulnerability. The following sections provide the details of each vulnerability addressed in this security advisory.

  • Privilege Escalation Vulnerabilities: Cisco Unified IP Phones 7900 Series devices are affected by two privilege escalation vulnerabilities that could allow an authenticated attacker to make unauthorized phone configuration changes or obtain potentially sensitive information.
  • Signature Verification Bypass Vulnerability: Cisco Unified IP Phones 7900 Series devices are affected by a signature verification bypass vulnerability that could allow an authenticated attacker to load a software image without verification of its signature.

Impact
Successful exploitation of the two privilege escalation vulnerabilities could allow an authenticated attacker to change phone configuration and obtain system information. Successful exploitation of the signature verification bypass vulnerability that could allow an authenticated attacker to load and execute a software image without verification of its signature.

Link: http://www.cisco.com/…/advisory09186a0080b80111.shtml

Default Credentials Vulnerability in Cisco Network Registrar
Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.

Vulnerable Products
This vulnerability affects all releases of Cisco Network Registrar prior to Software Release 7.2. The vulnerability is present in the affected releases on all platforms.

Details
Cisco Network Registrar provides highly scalable and reliable DNS, DHCP, and TFTP services. The central management capabilities of Cisco Network Registrar simplify administrative tasks associated with network and device configuration.

Impact
Successful exploitation of the vulnerability may allow an attacker to make arbitrary changes to the configuration of Cisco Network Registrar.

Link: http://www.cisco.com/…/advisory09186a0080b80121.shtml

Default Credentials for root Account on the Cisco Media Experience Engine 5600
Cisco Media Experience Engine (MXE) 5600 devices that are running Cisco Media Processing Software releases prior to 1.2 ship with a root administrator account that is enabled by default with a default password. An unauthorized user could use this account to modify the software configuration and operating system settings or gain complete administrative control of the device. A software upgrade is not required to resolve this vulnerability. Customers can change the root account password by issuing a configuration command on affected engines. The workarounds detailed in this document provide instructions for changing the root account password.

Vulnerable Products
This vulnerability affects Cisco MXE 5600 units that are running Cisco Media Processing Software releases prior to 1.2. To determine the software release that is running on a Cisco MXE unit, log in to the device and issue the show version command-line interface (CLI) command to display the system banner

Details
The Cisco Media Experience Engine (MXE) 5600 is a modular media-processing platform that provides advanced media-processing and media-transformation services.

Impact
Successful exploitation of the vulnerability may allow an unauthorized user to modify the software configuration and the operating system settings or gain complete administrative control of the device.

Link: http://www.cisco.com/…/advisory09186a0080b80122.shtml