Mar 5, 2014

February 2014: five Cisco vulnerabilities

  • Cisco Prime Infrastructure Command Execution Vulnerability
  • Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
  • Multiple Vulnerabilities in Cisco IPS Software
  • Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
  • Cisco UCS Director Default Credentials Vulnerability


Cisco Prime Infrastructure Command Execution Vulnerability
A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.

Vulnerable Products
Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 are affected by this vulnerability.

Details
A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command via a specific URL. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges.

Impact
Successful exploitation of the vulnerability may allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.

Link: http://tools.cisco.com/…/cisco-sa-20140226-pi

 

Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

Vulnerable Products
Only the Cisco Unified 3905 Phone is affected by this vulnerability.

Details
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device. This vulnerability is due to an undocumented test interface in the TCP service listening on port 7870 of the affected device.

Impact
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to gain root-level access to an affected device.
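A defender can check whether anything on the network has been talking to the test interface by filtering flow records for TCP port 7870 on phone addresses. The following is an added example, not part of the advisory; the voice subnet, the CSV column layout and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

TEST_INTERFACE_PORT = 7870  # TCP port named in the advisory

# Assumption: the address range where the 3905 phones live.
PHONE_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed flow records. "flags" is assumed to hold the cumulative TCP
# flags sent by src: S = SYN, A = ACK.
SAMPLE_FLOWS = """\
src,dst,proto,dst_port,flags
10.20.1.15,10.5.0.10,udp,5060,-
10.30.7.44,10.20.1.15,tcp,7870,SA
10.30.7.44,10.20.1.16,tcp,7870,S
192.0.2.9,10.20.1.15,tcp,7870,SA
10.30.7.44,10.9.9.9,tcp,7870,SA
10.20.1.15,10.5.0.10,tcp,2000,SA
"""


def flows_to_test_interface(flow_csv):
    """Map each phone address to the sources that contacted TCP 7870.

    An ACK from the client means the handshake completed, so the port was
    open and reachable ("established"); SYN-only flows are "attempted".
    """
    report = defaultdict(lambda: {"established": set(), "attempted": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "tcp":
            continue
        if int(row["dst_port"]) != TEST_INTERFACE_PORT:
            continue
        if ipaddress.ip_address(row["dst"]) not in PHONE_NET:
            continue  # port 7870 on a non-phone host is out of scope here
        kind = "established" if "A" in row["flags"] else "attempted"
        report[row["dst"]][kind].add(row["src"])
    return {dst: {k: sorted(v) for k, v in kinds.items()}
            for dst, kinds in report.items()}


if __name__ == "__main__":
    for phone, kinds in flows_to_test_interface(SAMPLE_FLOWS).items():
        print(phone, kinds)
```

Any "established" entry means the phone accepted a connection on the test interface and the source address deserves follow-up.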

Link: http://tools.cisco.com/…/cisco-sa-20140219-phone

 

Multiple Vulnerabilities in Cisco IPS Software
Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities:

  • Cisco IPS Analysis Engine Denial of Service Vulnerability
  • Cisco IPS Control-Plane MainApp Denial of Service Vulnerability
  • Cisco IPS Jumbo Frame Denial of Service Vulnerability

Vulnerable Products
Cisco IPS Analysis Engine Denial of Service Vulnerability: The following products are affected:

  • Cisco ASA 5500-X Series IPS Security Services Processor (IPS SSP) software and hardware modules
  • Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module (AIP SSM)
  • Cisco IPS 4200 Series Sensors
  • Cisco IPS 4300 Series Sensors
  • Cisco IPS 4500 Series Sensors

Cisco IPS Control-Plane MainApp Denial of Service Vulnerability: The following products are affected:

  • Cisco ASA 5505 Advanced Inspection and Prevention Security Services Card (AIP SSC)
  • Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module (AIP SSM)
  • Cisco ASA 5500-X Series IPS Security Services Processor (IPS SSP) software and hardware modules

Cisco IPS Jumbo Frame Denial of Service Vulnerability: The following products are affected:

  • Cisco IPS 4500 Series Sensors

Details
Cisco IPS Analysis Engine Denial of Service Vulnerability: A vulnerability in the produce-verbose-alert code of Cisco Intrusion Prevention System (IPS) Software could allow an unauthenticated, remote attacker to cause the Analysis Engine process to become unresponsive.

Cisco IPS Control-Plane MainApp Denial of Service Vulnerability: A vulnerability in the implementation of the control-plane access list of the Cisco IPS Software could allow an unauthenticated, remote attacker to cause the MainApp process to become unresponsive.

Cisco IPS Jumbo Frame Denial of Service Vulnerability: A vulnerability in Cisco IPS code that handles jumbo frames could allow an unauthenticated, remote attacker to cause the Analysis Engine process to become unresponsive.

Impact
Successful exploitation of the Cisco IPS Analysis Engine Denial of Service Vulnerability and the Cisco IPS Jumbo Frame Denial of Service Vulnerability may cause the Analysis Engine process to become unresponsive. When this occurs, the Cisco IPS will stop inspecting traffic. Successful exploitation of the Cisco IPS Control-Plane MainApp Denial of Service Vulnerability may cause the MainApp process to become unresponsive and prevent it from executing several tasks including alert notification, event store management, and sensor authentication. The Cisco IPS web server will also be unavailable while the MainApp process is unresponsive, and other processes such as the Analysis Engine process may not work properly.

Link: http://tools.cisco.com/…/cisco-sa-20140219-ips

 

Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system.

Vulnerable Products
Cisco FWSM is affected by this vulnerability if the cut-through proxy function is enabled. This function can be enabled for authentication, authorization and accounting via the match or include commands. To determine whether this feature is in use, run the command "show running-config aaa authentication | include match|include" and verify that it returns output. Configurations that use an external AAA server or the Cisco FWSM local user database for AAA are vulnerable.
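The same check can be run offline against saved configuration backups. The following is an added example, not code from the advisory: it looks for "aaa authentication match" and "aaa authentication include" lines, and is stricter than the on-device filter because it anchors on the keyword position. The sample configuration is constructed, and treating the last token on the line as the AAA source (server group or LOCAL) is an assumption.

```python
import re

# Constructed sample of a saved FWSM running-config (not from the advisory).
SAMPLE_CONFIG = """\
hostname fwsm-lab
! aaa authentication match OLD_ACL inside OLD_GRP  (commented out)
aaa-server TACACS_GRP protocol tacacs+
access-list AUTH_MATCH_ACL extended permit tcp any any eq www
aaa authentication ssh console LOCAL
aaa authentication match AUTH_MATCH_ACL inside TACACS_GRP
aaa authentication include http outside 0 0 0 0 LOCAL
aaa authentication exclude telnet inside 10.0.0.0 255.0.0.0 0 0 TACACS_GRP
"""

# Cut-through proxy is enabled by "aaa authentication match ..." or
# "aaa authentication include ..."; console authentication lines and ACL
# names that merely contain the word "match" must not count.
CTP_LINE = re.compile(r"^aaa\s+authentication\s+(match|include)\s+(.+)$",
                      re.IGNORECASE)


def find_cut_through_proxy(config_text):
    """Return (line_number, keyword, aaa_source) for each enabling line."""
    hits = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or comment
        m = CTP_LINE.match(line)
        if m:
            # Assumption: the AAA server group (or LOCAL) is the last token.
            aaa_source = m.group(2).split()[-1]
            hits.append((lineno, m.group(1).lower(), aaa_source))
    return hits


def is_exposed(config_text):
    """True when the advisory's precondition (cut-through proxy on) holds."""
    return bool(find_cut_through_proxy(config_text))


if __name__ == "__main__":
    for lineno, keyword, source in find_cut_through_proxy(SAMPLE_CONFIG):
        print(f"line {lineno}: aaa authentication {keyword} (AAA source: {source})")
    print("cut-through proxy enabled:", is_exposed(SAMPLE_CONFIG))
```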

Details
A vulnerability in the cut-through proxy function of Cisco Firewall Services Module (FWSM) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication. An exploit could allow the attacker to trigger a reload of the affected system. Repeated exploitation could result in a denial of service (DoS) condition.

Impact
Successful exploitation of the vulnerability may cause the reload of an affected system. Repeated exploitation could result in a denial of service (DoS) condition.

Link: http://tools.cisco.com/…/cisco-sa-20140219-fwsm

 

Cisco UCS Director Default Credentials Vulnerability
A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device.

Vulnerable Products
Cisco UCS Director Software versions prior to Cisco UCS Director Release 4.0.0.3 HOTFIX are affected by this vulnerability.

Details
A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system.

Impact
Successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to take complete control of the affected device.

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd

February 2014: The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories.