November 2013: three Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories:

  • Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability
  • Cisco WAAS Mobile Remote Code Execution Vulnerability
  • Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability
The vulnerability is due to a coding error that resets the password for the admin user to a blank password on every reboot. An attacker could exploit this vulnerability by logging in to the administrative interface as the admin user with a blank password.

Vulnerable Products
Cisco TelePresence VX Clinical Assistant units running software version 1.2 are affected by this vulnerability.

Details
A vulnerability in the WIL-A module of Cisco TelePresence VX Clinical Assistant could allow an unauthenticated, remote attacker to log in as the admin user of the device using a blank password.

This vulnerability resets the password for the “admin” user to a blank password on every reboot, whether or not a password has been set for that user. Any password configured for the “admin” user remains valid only until the next system reboot, when it is overwritten by a blank password. Passwords for other users on the system are not impacted by this vulnerability.

Impact
Successful exploitation of the vulnerability allows an attacker to gain full administrative control over the affected device.

Link: http://tools.cisco.com/…/cisco-sa-20131106-tvxca

Cisco WAAS Mobile Remote Code Execution Vulnerability
Cisco Wide Area Application Services (WAAS) Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services (IIS) web server.

Vulnerable Products
Cisco WAAS Mobile server versions prior to 3.5.5 are affected by this vulnerability.

Details
The vulnerability is due to insufficient validation of user-supplied data in the body of an HTTP POST request. An attacker could exploit this vulnerability by crafting an HTTP POST request for content upload that would result in an uncontrolled directory traversal. An exploit could allow the attacker to execute arbitrary code on the WAAS Mobile server with the privileges of the IIS web server.

Impact
Successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privilege level of the IIS web server. The privilege level in a default IIS configuration would not allow a complete compromise of the Cisco WAAS Mobile server.

Link: http://tools.cisco.com/…/cisco-sa-20131106-waasm

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or cause memory leaks that may result in system instabilities.

Vulnerable Products
Cisco devices are affected when they run an affected Cisco IOS Software release and are configured to process SIP messages. The following Cisco IOS Software releases are affected by this vulnerability:

  • 15.1(4)GC and 15.1(4)GC1
  • 15.1(4)M4, 15.1(4)M5 and 15.1(4)M6

Details
The vulnerability is due to incorrect processing of specially crafted SIP messages. An attacker could exploit this vulnerability by sending specific valid SIP messages to the SIP gateway. An exploit could allow the attacker to trigger a memory leak or a device reload.

This vulnerability is triggered when a device that is running Cisco IOS Software processes specific, valid SIP messages. Only traffic destined to the device can trigger the vulnerability; transit SIP traffic is not an exploit vector. The vulnerability can be exploited with SIP over either IPv4 or IPv6.

Impact
Successful exploitation of the vulnerability in this advisory may result in system instabilities or a reload of an affected device. Repeated exploitation could result in a sustained denial of service (DoS) condition.

Link: http://tools.cisco.com/…/cisco-sa-20131106-sip
