Cisco Security Advisories

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

Wed, 2021-08-25 16:00

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device.

This vulnerability is due to an improper policy default setting. An attacker could exploit this vulnerability by using a non-privileged credential for Cisco ACI Multi-Site Orchestrator (MSO) to send a specific API request to a managed Cisco APIC or Cloud APIC device. A successful exploit could allow the attacker to obtain Administrator credentials on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-pesc-pkmGK4J


Security Impact Rating: High
CVE: CVE-2021-1578
Categories: Security Alerts

Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities

Wed, 2021-08-25 16:00

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW


Security Impact Rating: Medium
CVE: CVE-2021-1580,CVE-2021-1581
Categories: Security Alerts

Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability

Wed, 2021-08-25 15:49

Update from August 25, 2021: Cisco found that this vulnerability was present in additional releases of Cisco NX-OS Software with the introduction of Python 3 support. For more information, see the Fixed Software section of this advisory.

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level.

This vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level.

To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal


Security Impact Rating: Medium
CVE: CVE-2019-1727
Categories: Security Alerts

BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products: August 2021

Wed, 2021-08-18 23:00

On August 17, 2021, BlackBerry released a security advisory, QNX-2021-001, that disclosed an integer overflow vulnerability in the following BlackBerry software releases:

  • QNX Software Development Platform (SDP) – 6.5.0SP1 and earlier
  • QNX OS for Medical – 1.1 and earlier
  • QNX OS for Safety – 1.0.1 and earlier

A successful exploit could allow an attacker to execute arbitrary code or cause a denial of service (DoS).

For a description of this vulnerability, see QNX-2021-001.

This advisory will be updated as additional information becomes available. 

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL


Security Impact Rating: Critical
CVE: CVE-2021-22156
Categories: Security Alerts

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability

Wed, 2021-08-18 16:00

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5


Security Impact Rating: Critical
CVE: CVE-2021-34730
Categories: Security Alerts

Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

Wed, 2021-08-18 16:00

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host.

This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN


Security Impact Rating: Medium
CVE: CVE-2021-34749
Categories: Security Alerts

Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability

Wed, 2021-08-18 16:00

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user.

This vulnerability exists because access to the spam quarantine feature is not properly restricted. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to modify another user's spam quarantine settings, possibly disabling security controls or viewing email messages stored on the spam quarantine interfaces.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-spam-jPxUXMk

Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure


Security Impact Rating: Medium
CVE: CVE-2021-1561
Categories: Security Alerts

Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Double-Free Denial of Service Vulnerability

Wed, 2021-08-18 16:00

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

This vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-dos-OFP7j9j


Security Impact Rating: Medium
CVE: CVE-2021-34734
Categories: Security Alerts

Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability

Wed, 2021-08-18 16:00

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system.

The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewver-c6WZPXRx


Security Impact Rating: Medium
CVE: CVE-2021-34715
Categories: Security Alerts

Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability

Wed, 2021-08-18 16:00

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user.

This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewrce-QPynNCjh


Security Impact Rating: Medium
CVE: CVE-2021-34716
Categories: Security Alerts

Cisco Packet Tracer for Windows DLL Injection Vulnerability

Wed, 2021-08-04 23:00

A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.

This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path on the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow an attacker with normal user privileges to execute arbitrary code on the affected system with the privileges of another user’s account. 

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-packettracer-dll-inj-Qv8Mk5Jx


Security Impact Rating: High
CVE: CVE-2021-1593
Categories: Security Alerts

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

Wed, 2021-08-04 23:00

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.

This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4


Security Impact Rating: High
CVE: CVE-2021-1602
Categories: Security Alerts

Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass

Wed, 2021-08-04 16:00

A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device.

This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-GkCvfd4


Security Impact Rating: Medium
CVE: CVE-2021-1522
Categories: Security Alerts

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities

Wed, 2021-08-04 16:00

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following:

  • Execute arbitrary code
  • Cause a denial of service (DoS) condition
  • Execute arbitrary commands 

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy


Security Impact Rating: Critical
CVE: CVE-2021-1609,CVE-2021-1610
Categories: Security Alerts

Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability

Wed, 2021-08-04 16:00

A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device.

The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the NSO built-in Secure Shell (SSH) server for CLI was enabled. If the NSO built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which Cisco NSO is running, which is root by default.

Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all Cisco NSO users have this access if the server is enabled.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT


Security Impact Rating: High
CVE: CVE-2021-1572
Categories: Security Alerts

Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability

Wed, 2021-08-04 16:00

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system.

This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C


Security Impact Rating: Medium
CVE: CVE-2021-34707
Categories: Security Alerts

ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

Wed, 2021-08-04 16:00

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. 

The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root.

Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled.

Software updates that address this vulnerability have been released. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4


Security Impact Rating: High
CVE: CVE-2021-1572
Categories: Security Alerts

Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities

Wed, 2021-08-04 15:58

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device.

For more information about these vulnerabilities, see the Details section of this advisory.

Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe


Security Impact Rating: High
CVE: CVE-2021-1251,CVE-2021-1308,CVE-2021-1309
Categories: Security Alerts

Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability

Wed, 2021-07-21 23:00

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user.

This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or cause an affected device to reboot under certain conditions.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-xss-yvE6L8Zq


Security Impact Rating: Medium
CVE: CVE-2021-1599
Categories: Security Alerts

Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities

Wed, 2021-07-21 23:00

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface.

These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device. 

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8


Security Impact Rating: High
CVE: CVE-2021-1600,CVE-2021-1601
Categories: Security Alerts

Pages