[SingCERT] Critical Cisco PI, EPN and Webex Vulnerabilities (CVE-2019-1821, CVE-2019-1822, CVE-2019-1823, CVE-2019-1771, CVE-2019-1772, CVE-2019-1773)

Published on 17 May 2019

Updated on 23 Oct 2019

Background

Cisco has released software patches to address critical vulnerabilities found in Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager, which are tools used to manage wireless and wired network infrastructure and Cisco Webex, which is a video conferencing and collaboration tool.

Critical vulnerabilities found in these products include:

CVE-2018-0222, CVE-2018-0268 and CVE-2018-0271: Cisco PI and EPN were patched for several vulnerabilities which scored the maximum Common Vulnerability Score System (CVSS) severity base score of 10 out of 10. An attacker can exploit these vulnerabilities by uploading a malicious file to the administrative web interface. Successful exploitation allows the attacker to execute code with full (root-level) privilege on the underlying operating system.

CVE-2019-1771, CVE-2019-1772 and CVE-2019-1773: Cisco Webex Network Recording Player and the Cisco Webex Player for Microsoft Windows were patched for several flaws. An attacker can exploit these vulnerabilities by sending a user an Advanced Recording Format (ARF) or WebEx Recording Format (WRF) file, to trick the user into opening the file which will then allow the attacker to execute the malicious code remotely on the local system. The CVE is rated high-severity as it requires user interaction.

Affected Products

  • Cisco Prime Infrastructure before 3.4.1, 3.5, and 3.6
  • Evolved Programmable Network Manager before 3.0.1
  • Cisco Webex Business Suite sites — All Webex Network Recording Player and Webex Player versions before Version WBS39.2.205
  • Cisco Webex Meetings Online — All Webex Network Recording Player and Webex Player versions before Version 1.3.42
  • Cisco Webex Meetings Server — All Webex Network Recording Player versions before Version 2.8MR3 SecurityPatch2, 3.0MR2 SecurityPatch2 or 4.0
Impact

Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected system and perform malicious activities, including modifying and installing programs; view, change, or delete data; or create new accounts with full user rights.

Recommendations

Users and administrators are recommended to download and install the security updates immediately.

For more information, please refer to the following resources: