Cisco Security Advisories

Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a string sequence. A successful exploit could allow the attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a DoS condition on an affected device.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0485
Categories: Security Alerts

Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability

Wed, 2018-09-26 14:00
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sip-alg

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0476
Categories: Security Alerts

Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device.

The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access


Security Impact Rating: Medium
CVE: CVE-2018-15371
Categories: Security Alerts

Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol.

The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0473
Categories: Security Alerts

Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device.

The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-privesc


Security Impact Rating: Medium
CVE: CVE-2018-15368
Categories: Security Alerts

Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.

The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak


Security Impact Rating: Medium
CVE: CVE-2018-15377
Categories: Security Alerts

Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability

Wed, 2018-09-26 14:00
A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload.

The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0466
Categories: Security Alerts

Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device.

The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-macsec


Security Impact Rating: Medium
CVE: CVE-2018-15372
Categories: Security Alerts

Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities

Wed, 2018-09-26 14:00

Multiple vulnerabilities in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device.

The vulnerabilities are due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit these vulnerabilities by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device.

There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite


Security Impact Rating: Medium
CVE: CVE-2018-15375,CVE-2018-15376
Categories: Security Alerts

Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability

Wed, 2018-09-26 14:00
A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload.

The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0467
Categories: Security Alerts

Cisco IOS XE Software Errdisable Denial of Service Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition.

The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0480
Categories: Security Alerts

Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device.

The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsig


Security Impact Rating: Medium
CVE: CVE-2018-15374
Categories: Security Alerts

Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability

Wed, 2018-09-26 14:00
A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition.

The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-memleak

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0471
Categories: Security Alerts

Cisco IOS and IOS XE Software Cisco Discovery Protocol Denial of Service Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-dos


Security Impact Rating: Medium
CVE: CVE-2018-15373
Categories: Security Alerts

Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability

Wed, 2018-09-26 14:00

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0475
Categories: Security Alerts

Cisco IOS XE Software Command Injection Vulnerabilities

Wed, 2018-09-26 14:00

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges.

The vulnerabilities exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2018-0477,CVE-2018-0481
Categories: Security Alerts

Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability

Mon, 2018-09-24 19:17
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system.

The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability by initiating EAP authentication over TLS to the ISE with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the ISE application server, resulting in a DoS condition on the affected system. The ISE application could continue to restart while the client attempts to establish the EAP authentication connection.

If an attacker attempted to import the same EAP-TLS certificate to the ISE trust store, it could trigger a DoS condition on the affected system. This exploit vector would require the attacker to have valid administrator credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap
Security Impact Rating: High
CVE: CVE-2018-0277
Categories: Security Alerts

Cisco Identity Services Engine Authentication Bypass Vulnerability

Mon, 2018-09-24 19:17
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication.

The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal.

This vulnerability does not affect endpoints authenticating to the ISE.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise
Security Impact Rating: High
CVE: CVE-2017-6747
Categories: Security Alerts

Cisco Identity Services Engine Unauthorized Access Vulnerability

Mon, 2018-09-24 19:17
A vulnerability in the Admin portal of devices running Cisco Identity Services Engine (ISE) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.

An attacker who can connect to the Admin portal of an affected device could potentially exploit this vulnerability. A successful exploit may result in a complete compromise of the affected device. Customers are advised to apply a patch or upgrade to a version of Cisco ISE software that resolves this vulnerability.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise
Security Impact Rating: Critical
CVE: CVE-2015-6323
Categories: Security Alerts

Cisco Identity Services Engine Privilege Escalation Vulnerability

Mon, 2018-09-24 19:17
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges.

The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise
Security Impact Rating: High
CVE: CVE-2017-12261
Categories: Security Alerts

Pages