This week, Cisco issued security updates fixing various product-wide vulnerabilities, including significant severe defects affecting IP Phones and the UCS manager.
The critical vulnerability fixed by IP Phones affects the web server and can allow an unauthenticated, remote attacker to execute root privileged code. The bug has a ranking of 9.8 for CVSS.
The issue is monitored as CVE-2020-3161, as the input in HTTP requests is not validated correctly. An attacker can, therefore, exploit the defect by sending a custom HTTP request to a compromised device’s web server.
“In libHTTPService.so, the parameters after /deviceconfig/setActivationCode are used to create a new URI via a sprintf function call. The length of the parameter string is not checked. When an attacker provides a long parameter string then sprintf overflows the provided stack-based buffer,” Tenable, which reported the bug to Cisco, explains.
IP Phone 7811, IP Phone 7811, IP Phone 7841 and Mobile Phones 8861, 8841, 8845, 8855, 8861 and 8865, Unified IP Conference Telephone 8831 and Wireless IP Telephone 8821 and Wireless IP Telephone 8821 and 8821-EX are impaired.
Cisco published security updates to fix the vulnerability this week. While the company is aware of the defect being revealed publicly (Tenable has released a DoS proof-of-concept), it is not aware of the attack bogue.
A total of three critical vulnerabilities have been identified in Cisco UCS Director and UCS Director Express for Big Data, both of which have been found in REST API. Bugs can bypass authentication or bring via directory attacks from remote, non-authenticated attackers.
The faults are tracked as CVE-2020-3239, CVE-2020-3240 and CVE-2020-3243 and are attributable to an inadequate validation of the access control and incorrect validation of the data. All three problems were dealt with in UCS Director 220.127.116.11 and UCS Express Director 18.104.22.168.
In the last week, Cisco has released fixes for seven significant vulnerabilities involving applications for WLC, Webex Network Recording Player and Webex App, Mobility Express Applications, Unified Communications Manager (UCM) and Aironet Series Access Points Software.
Six of the vulnerabilities may be exploited by remote unauthenticated attackers to cause Denial of service (DoS), execute forgery (CSRF) or conduct directory cross-site attacks. The Webex Player bug could lead to remote execution of code.
To fix these flaws, Cisco released free software patches and confirmed that it is not aware of any comments or malicious use of those bugs. Details on each vulnerability can be found on Cisco’s website help.