Feb 7, 2014

January 2014: five Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories:

  • Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
  • Cisco TelePresence System Software Command Execution Vulnerability
  • Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
  • Multiple Vulnerabilities in Cisco Secure Access Control System
  • Undocumented Test Interface in Cisco Small Business Devices

Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel (D-channel), causing all calls to be terminated and preventing users from making new calls.

Vulnerable Products
All releases of Cisco TelePresence ISDN Gateway Software prior to 2.2(1.92) running on Cisco TelePresence ISDN GW 3241 or Cisco TelePresence ISDN GW MSE 8321 are affected by this vulnerability.

Details
A vulnerability in the code handling the ISDN Q.931 signaling protocol of the Cisco TelePresence ISDN Gateway could allow an unauthenticated, remote attacker to trigger a drop of the data channel (D-channel), causing all calls to be terminated and preventing users from making new calls. The vulnerability is due to improper handling of a crafted Q.931 STATUS message. An attacker could exploit this vulnerability by injecting crafted packets in the Q.931 flow. A successful exploit could allow the attacker to trigger a drop of the D-channel. As a result, all active calls handled by the affected system will be terminated and it will not be possible to establish new calls until the D-channel communication is restored. A software reload is necessary to restore normal behavior.

Impact
Successful exploitation of the vulnerability may cause a drop of the ISDN D-channel which will cause all active calls to be dropped. Additionally, new calls will not be possible until the affected system is reloaded.

Link: http://tools.cisco.com/…/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw

 

Cisco TelePresence System Software Command Execution Vulnerability
Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.

Vulnerable Products
This vulnerability affects Cisco TelePresence System Software running on the following hardware:

  • Cisco TelePresence System 500-32
  • Cisco TelePresence System 500-37
  • Cisco TelePresence System 1000
  • Cisco TelePresence System 1100
  • Cisco TelePresence System 1300-65
  • Cisco TelePresence System 3000
  • Cisco TelePresence System 3010
  • Cisco TelePresence System 3200
  • Cisco TelePresence System 3210
  • Cisco TelePresence System TX1300 47 (Also Known As the TX1300-47)
  • Cisco TelePresence System TX1310 65
  • Cisco TelePresence System TX9000
  • Cisco TelePresence System TX9200

Details
The vulnerability is due to improper validation of parameters passed to the SSCD code via an XML-remote procedure call (RPC). An attacker could exploit this vulnerability by sending crafted XML-RPC messages. An exploit could allow the attacker to execute arbitrary calls via stack corruption with the privilege of the root user.

Impact
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary commands via stack corruption with the privileges of the root user.

Link: http://tools.cisco.com/…/CiscoSecurityAdvisory/cisco-sa-20140122-cts

 

Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes, which may cause active calls to be dropped and prevent users from making new calls until the affected system is reloaded.

Vulnerable Products
This vulnerability affects Cisco TelePresence VCS Control, Cisco TelePresence VCS Expressway, and Cisco TelePresence VCS Starter Pack Expressway running Cisco TelePresence VCS Software prior to X8.1. Cisco TelePresence VCS hardware and virtual appliances are both affected by this vulnerability.

Details
A vulnerability in the Session Initiation Protocol (SIP) module of Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to trigger the failure of several critical processes, which may cause the termination of active calls. New calls will also not be established until the affected system is restored. The vulnerability is due to improper handling of crafted Session Description Protocol (SDP) messages. An attacker could exploit this vulnerability by sending a crafted SDP message to the affected system. An exploit could allow the attacker to trigger the failure of several critical processes, which may cause the affected system to not function properly; active calls will be terminated and new calls will not be possible until the affected system is restored. A reload is needed to restore correct functionality. This vulnerability can be triggered by SDP messages sent via UDP or TCP. Deployment using Transport Layer Security (TLS) will also be affected.

Impact
Successful exploitation of the vulnerability may cause the failure of several internal critical processes and the affected system will not be able to function properly; active calls will be terminated and new calls will not be possible until the affected system is restored. A reload is needed to restore correct functionality.

Link: http://tools.cisco.com/…/CiscoSecurityAdvisory/cisco-sa-20140122-vcs

 

Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities:

  • Cisco Secure ACS RMI Privilege Escalation Vulnerability
  • Cisco Secure ACS RMI Unauthenticated User Access Vulnerability
  • Cisco Secure ACS Operating System Command Injection Vulnerability

Vulnerable Products
All releases of Cisco Secure ACS prior to release 5.5 are affected by the RMI-based vulnerabilities in this advisory. All releases of Cisco Secure ACS prior to ACS 5.4 patch 3 are affected by the OS command injection vulnerability in this advisory.

Details
Cisco Secure ACS RMI Privilege Escalation Vulnerability: A vulnerability in the RMI interface of Cisco Secure ACS could allow an authenticated, remote attacker to perform actions as superadmin. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by accessing the ACS via the RMI interface using an authenticated user account. An exploit could allow the attacker to perform superadmin functions via RMI.

Cisco Secure ACS RMI Unauthenticated User Access Vulnerability: A vulnerability in the RMI interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to access the ACS via the RMI interface. The vulnerability is due to insufficient authentication and authorization enforcement. An attacker could exploit this vulnerability by accessing the ACS via the RMI interface. An exploit could allow the attacker to access the ACS and perform administrative actions.

Cisco Secure ACS Operating System Command Injection Vulnerability: A vulnerability in the web interface of Cisco Secure ACS could allow an authenticated, remote attacker to inject operating system-level commands. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting operating system commands into a specific location of the ACS web interface. An exploit could allow the attacker to perform operating system-level commands without shell access, impacting the confidentiality, integrity, or availability of the system.

Impact
Successful exploitation of the Cisco Secure ACS RMI Privilege Escalation Vulnerability could allow an unprivileged, authenticated attacker to have privileged access to the affected system via the RMI interface.

Successful exploitation of the Cisco Secure ACS RMI Unauthenticated User Access Vulnerability could allow an unauthenticated attacker to have privileged access to the affected system via the RMI interface.

Successful exploitation of the Cisco Secure ACS Operating System Command Injection Vulnerability could allow an authenticated attacker to perform operating system-level commands from the ACS web interface.

Link: http://tools.cisco.com/…/CiscoSecurityAdvisory/cisco-sa-20140115-csacs

 

Undocumented Test Interface in Cisco Small Business Devices
A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

Vulnerable Products
The following products are affected by the vulnerabilities that are described in this advisory:

  • Cisco RVS4000 4-port Gigabit Security Router running firmware version 2.0.3.2 and prior
  • Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 1.0 and 1.1 running firmware version 1.1.13 and prior
  • Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 2.0 running firmware version 2.0.2.1 and prior
  • Cisco WAP4410N Wireless-N Access Point running firmware version 2.0.6.1 and prior

Details
This vulnerability is due to an undocumented test interface in the TCP service listening on port 32764 of the affected device. An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system. An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration. The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges.

Impact
Successful exploitation of the vulnerabilities described in this document could allow an unauthenticated, remote attacker to execute arbitrary commands on the device with elevated privileges. This could cause the device to become unresponsive or cause the device configuration to restore to the factory default.

Link: http://tools.cisco.com/…/CiscoSecurityAdvisory/cisco-sa-20140110-sbd
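
To triage an inventory against the affected releases listed above, the following added example (not part of the Cisco advisories or the original article) compares version strings in the formats used on this page. The short product keys, issue labels and sample inventory are assumptions made for the example; the TelePresence System Software advisory is left out because this page lists affected hardware but no release boundary for it.

```python
import re

# Thresholds transcribed from this page. kind "fixed": releases before `limit`
# are affected; kind "last": `limit` and earlier are affected.
# Product keys and issue labels are this example's own naming (assumptions).
RULES = [
    ("RVS4000",   None,           "last",  "2.0.3.2",     "test interface (TCP 32764)"),
    ("WRVS4400N", ("1.0", "1.1"), "last",  "1.1.13",      "test interface (TCP 32764)"),
    ("WRVS4400N", ("2.0",),       "last",  "2.0.2.1",     "test interface (TCP 32764)"),
    ("WAP4410N",  None,           "last",  "2.0.6.1",     "test interface (TCP 32764)"),
    ("ISDN-GW",   None,           "fixed", "2.2(1.92)",   "Q.931 D-channel DoS"),
    ("VCS",       None,           "fixed", "X8.1",        "SIP/SDP DoS"),
    ("ACS",       None,           "fixed", "5.5",         "RMI access / privilege escalation"),
    ("ACS",       None,           "fixed", "5.4 patch 3", "OS command injection"),
]

def vkey(version):
    """Map '2.2(1.92)', 'X8.1' or '5.4 patch 3' to a comparable tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", version)]
    while nums and nums[-1] == 0:   # so 2.0.3.0 compares equal to 2.0.3
        nums.pop()
    return tuple(nums)

def findings(product, version, hw=None):
    """Return the issues from this page that apply to one inventory entry."""
    hits = []
    for name, hws, kind, limit, issue in RULES:
        if name != product:
            continue
        # Unknown hardware revision (hw=None) is checked against every rule
        # for the model, so a missing field never hides an affected device.
        if hws and hw is not None and hw not in hws:
            continue
        v, lim = vkey(version), vkey(limit)
        affected = v < lim if kind == "fixed" else v <= lim
        if affected and issue not in hits:
            hits.append(issue)
    return hits

if __name__ == "__main__":
    # Constructed sample inventory: (product key, software version, hw revision)
    inventory = [("WRVS4400N", "1.1.13", "1.1"), ("WRVS4400N", "2.0.2.2", "2.0"),
                 ("ACS", "5.4 patch 2", None), ("ACS", "5.5", None),
                 ("VCS", "X7.2.2", None), ("ISDN-GW", "2.2(1.92)", None)]
    for entry in inventory:
        print(entry, "->", findings(*entry) or "not affected")
```

Version strings reported by a real device may be formatted differently from the advisory text, so confirm the parsed tuple for each product before relying on the result.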
