Security Alerts

Cisco Registered Envelope Service Open Redirect Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page.

The vulnerability is due to improper input validation of the parameters of the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. This type of exploit is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge.

More information can be found at the following link: https://cwe.mitre.org/data/definitions/601.html

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page.

The vulnerability is due to improper input validation of the parameters of the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. This type of exploit is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge.

More information can be found at the following link: https://cwe.mitre.org/data/definitions/601.html

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res
Security Impact Rating: Medium
CVE: CVE-2017-3889
Categories: Security Alerts

Cisco IOS XE Software Startup Script Local Command Execution Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user.

The vulnerability is due to insufficient validation of ROMMON variables values. An attacker could exploit this vulnerability by manipulating the content of some ROMMON variables, which will allow an external script containing the command to execute at boot time. A reload of the affected system is needed to exploit the vulnerability. An attacker would need console access to exploit this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user.

The vulnerability is due to insufficient validation of ROMMON variables values. An attacker could exploit this vulnerability by manipulating the content of some ROMMON variables, which will allow an external script containing the command to execute at boot time. A reload of the affected system is needed to exploit the vulnerability. An attacker would need console access to exploit this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe
Security Impact Rating: Medium
CVE: CVE-2017-6606
Categories: Security Alerts

Cisco IOS XR Software Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by sending malformed gRPC requests repeatedly to the affected device. An exploit could allow the attacker to cause the emsd process to crash.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by sending malformed gRPC requests repeatedly to the affected device. An exploit could allow the attacker to cause the emsd process to crash.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios
Security Impact Rating: Medium
CVE: CVE-2017-6599
Categories: Security Alerts

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks.

The vulnerability occurs because the application does not sufficiently protect sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to obtain sensitive information about the application.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks.

The vulnerability occurs because the application does not sufficiently protect sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to obtain sensitive information about the application.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi
Security Impact Rating: Medium
CVE: CVE-2017-3884
Categories: Security Alerts

Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges.

The vulnerability is due to incorrect permissions being assigned to configured users on the device. An attacker could exploit this vulnerability by authenticating to the device and issuing certain commands at the CLI. A successful exploit could allow the attacker to access the underlying operating system shell with root access.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges.

The vulnerability is due to incorrect permissions being assigned to configured users on the device. An attacker could exploit this vulnerability by authenticating to the device and issuing certain commands at the CLI. A successful exploit could allow the attacker to access the underlying operating system shell with root access.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme
Security Impact Rating: Medium
CVE: CVE-2016-9197
Categories: Security Alerts

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside the expected path and gain access to other devices.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2 A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside the expected path and gain access to other devices.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2
Security Impact Rating: Medium
CVE: CVE-2017-6602
Categories: Security Alerts

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside of the user’s path.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1 A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user’s privilege level outside of the user’s path.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1
Security Impact Rating: Medium
CVE: CVE-2017-6601
Categories: Security Alerts

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
 
The vulnerability is due to insufficient input validation for the affected command. An authenticated, local attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
 
The vulnerability is due to insufficient input validation for the affected command. An authenticated, local attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary system commands with the privileges of the authenticated user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli
Security Impact Rating: Medium
CVE: CVE-2017-6597
Categories: Security Alerts

Cisco Integrated Management Controller Redirection Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

The vulnerability is due to improper input validation of parameters in HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system, which could cause the web interface of the affected software to redirect the request to a malicious URL. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

The vulnerability is due to improper input validation of parameters in HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system, which could cause the web interface of the affected software to redirect the request to a malicious URL. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc
Security Impact Rating: Medium
CVE: CVE-2017-6604
Categories: Security Alerts

Cisco Firepower Detection Engine SSL Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts.

The vulnerability is due to improper error handling of an SSL packet in an established SSL connection. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts, causing traffic inspection to be bypassed or traffic to be dropped.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1 A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts.

The vulnerability is due to improper error handling of an SSL packet in an established SSL connection. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts, causing traffic inspection to be bypassed or traffic to be dropped.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1
Security Impact Rating: Medium
CVE: CVE-2017-3887
Categories: Security Alerts

Cisco Firepower Detection Engine SSL Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources.

The vulnerability is due to improper handling of an SSL packet stream. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition because the Snort process consumes a high level of CPU resources. The device must be manually reloaded to recover from this condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources.

The vulnerability is due to improper handling of an SSL packet stream. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition because the Snort process consumes a high level of CPU resources. The device must be manually reloaded to recover from this condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw
Security Impact Rating: Medium
CVE: CVE-2017-3885
Categories: Security Alerts

Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The system could push IPv6 traffic to the processor even when the device is not configured for IPv6, which could cause other control packets to be affected. A successful exploit could allow the attacker to cause a DoS condition on the system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The system could push IPv6 traffic to the processor even when the device is not configured for IPv6, which could cause other control packets to be affected. A successful exploit could allow the attacker to cause a DoS condition on the system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr
Security Impact Rating: Medium
CVE: CVE-2017-6603
Categories: Security Alerts

Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability

Cisco Security Advisories - Wed, 2017-04-05 14:00
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.

The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.

The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
Security Impact Rating: Critical
CVE: CVE-2017-3834
Categories: Security Alerts

Pages

Subscribe to Willing Minds aggregator - Security Alerts