Cisco announced on Wednesday that it’s patched several vulnerabilities affecting its products, including shortcomings in Small Business routers and switches.
Of the eight vulnerabilities for which Cisco published advisories this week, only CVE-2020-3297 was classified as high severity. This security hole affects some small business and managed switches, and allows a remote, unauthenticated attacker to access a device's management interface by hijacking the session of a legitimate user.
“The weakness stems from the use of weak entropy generation to define session values,” Cisco explained in an advisory. “An attacker could exploit this vulnerability by using brute force to determine a current session identifier and reuse the session identifier to take over a session in progress. In this way, an attacker could take action with privileges up to the level of administrative user within the management interface.”
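The weakness class Cisco describes can be measured from the defender's side. The following is an added example, not Cisco's code and not taken from the advisory: the weak scheme (a general-purpose PRNG seeded with the login time) and all function names are assumptions made for illustration, shown beside a hardened generator and a check of effective entropy.

```python
import math
import random
import secrets

# Assumption: a hypothetical weak scheme, not the affected product's real code.
# The session value comes from a general-purpose PRNG seeded with the login
# time in seconds, so bounding the login time bounds the seed.
def weak_session_id(login_time_s: int) -> str:
    rng = random.Random(login_time_s)      # predictable seed
    return f"{rng.getrandbits(32):08x}"    # looks like 32 bits of randomness


def strong_session_id() -> str:
    # Hardened form: 128 bits taken directly from the OS CSPRNG.
    return secrets.token_hex(16)


def distinct_weak_ids(window_start_s: int, window_s: int) -> int:
    """Count the identifiers the weak scheme can emit for logins in a window."""
    ids = {weak_session_id(t) for t in range(window_start_s, window_start_s + window_s)}
    return len(ids)


def effective_bits(candidates: int) -> float:
    """Entropy in bits when the identifier is one of `candidates` equally likely values."""
    return math.log2(candidates)


def expected_guesses(bits: float) -> float:
    """Average guesses needed to hit one live session: half the search space."""
    return 2 ** bits / 2


def meets_minimum(bits: float, minimum: float = 64.0) -> bool:
    # OWASP's session management guidance asks for at least 64 bits of entropy.
    return bits >= minimum


if __name__ == "__main__":
    # Constructed sample: logins known to fall inside a one-hour window.
    start, window = 1_593_600_000, 3600
    n = distinct_weak_ids(start, window)
    bits = effective_bits(n)
    print(f"weak:   {n} candidates, {bits:.1f} bits, "
          f"~{expected_guesses(bits):.0f} guesses, ok={meets_minimum(bits)}")
    print(f"strong: {strong_session_id()} 128 bits, ok={meets_minimum(128)}")
```

The weak identifier is eight hex characters long, yet its effective entropy is set by the size of the seed window, not by the length of the output.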
On Thursday morning, CyCognito, whose researchers discovered this vulnerability, released a blog post detailing its findings. The company said that the vulnerability is a reflected XSS, and that exploitation involves getting the targeted user to click on a specially crafted link.
“An XSS flaw in the admin interface of a router means that the most likely targets for an attack will be router administrators,” CyCognito explained. “Attackers would be able to perform actions that an administrator could, view information they could (including their keystrokes, browser history, clipboard, etc.), modify information, and potentially steal and use admin authentication information to access the vulnerable router at will, or try to access other systems using those credentials (i.e., move laterally).”
The remaining vulnerabilities for which Cisco issued advisories this week are medium-severity issues affecting the macOS Identity Services System, Digital Network Architecture Center, Unified Customer Voice Server, Unified Communications Manager and AnyConnect Secure Mobility Application.
These security holes can be exploited for DoS and XSS attacks, and to access potentially sensitive information. Many of them can be exploited remotely, without authentication.