[SingCERT] High-Severity Vulnerabilities in Cisco Products

Published on Friday, 05 July 2019 16:56

Background

Cisco has released security updates to address vulnerabilities found in multiple Cisco products.
   
Ten high-severity vulnerabilities were identified and they require immediate attention. The vulnerabilities are:

  • CVE-2019-1886 - A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition.
  • CVE-2019-1892 - A vulnerability in the Secure Sockets Layer input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device.
  • CVE-2019-1891 - A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
  • CVE-2019-1894 - A vulnerability in Cisco Enterprise Network Function Virtualisation Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying Operating System (OS) of an affected device.
  • CVE-2019-1893 - A vulnerability in Cisco Enterprise NFVIS could allow an authenticated, local attacker to execute arbitrary commands on the underlying OS of an affected device as root.
  • CVE-2019-1890 - A vulnerability in the fabric infrastructure Virtual Local Area Network (VLAN) connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorised server to the infrastructure VLAN.
  • CVE-2019-1855 - A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a Dynamic-link Library (DLL) preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
  • CVE-2019-1887 - A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a DoS condition.
  • CVE-2019-1889 - A vulnerability in the Representational State Transfer Application Programming Interface (REST API) for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device.CVE-2019-1884 - A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a DoS condition on an affected device.       
Affected Products  

These vulnerabilities affect products running vulnerable software releases of:

  • Cisco AsyncOS Software for Cisco WSA
  • Cisco Small Business 200, 300, and 500 Series Managed Switches running software releases prior to 1.4.10.6
  • Cisco Enterprise NFV Infrastructure Software (NFVIS) releases prior to 3.10.1
  • Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 14.1(2g)
  • Cisco Jabber for Windows software releases prior to 12.6(0)
  • Cisco Unified Communications Manager
  • Cisco APIC Software releases prior to 4.1(2g)
  • Cisco AsyncOS Software for Cisco Web Security Appliance
Impact

Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected system and perform malicious activities, including denial of service DoS, memory corruption, execution of arbitrary commands on the underlying OS of an affected device as root, circumvention of security validations and connection of an unauthorised server to the infrastructure VLAN to perform a DLL preloading attack.

Recommendations

Users and system administrators of the affected products are advised to install the latest security updates available immediately. More details on the security alerts can be found at https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

References

https://tools.cisco.com/security/center/publicationListing.x