Cisco Unity Express Command Injection Vulnerability

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials.

The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-unity-exp-comm-inject

Security Impact Rating: Medium

CVE: CVE-2019-15986

Related:

  • No Related Posts

Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-stealth-xss

Security Impact Rating: Medium

CVE: CVE-2019-15994

Related:

  • No Related Posts

Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability

A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device.

The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to connect to the device on the NETCONF port. Valid credentials are required to access the device. This vulnerability does not affect connections to the default SSH process on the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-iosxr-ssh-bypass

Security Impact Rating: Medium

CVE: CVE-2019-15998

Related:

  • No Related Posts

Cisco Email Security Appliance MP3 Content Filter Bypass Vulnerability

A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device.

The vulnerability is due to improper validation of certain MP3 file types. An attacker could exploit this vulnerability by sending a crafted MP3 file through the targeted device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-esa-mp3-bypass

Security Impact Rating: Medium

CVE: CVE-2019-15971

Related:

  • No Related Posts

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.

The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce

Security Impact Rating: High

CVE: CVE-2019-15992

Related:

  • No Related Posts

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Issues

Cisco firmware for certain Cisco Small Business RV Series Routers is affected by the following issues:

  • Certificate and key issued to QNO Technology
  • Hardcoded password hashes
  • Multiple vulnerabilities in third-party software (TPS) components

Certificate and Key Issued to QNO Technology

An X.509 certificate with a corresponding public/private key pair was initially found in Cisco RV042 Dual WAN VPN Router firmware. This certificate is issued to third-party entity QNO Technology.

The certificate and keys in question are part of the firmware for the following Cisco products:

  • RV016 Multi-WAN VPN Router
  • RV042 Dual WAN VPN Router
  • RV042G Dual Gigabit WAN VPN Router
  • RV082 Dual WAN VPN Router

The certificate and keys were used for testing during the development of the firmware; they were never used for live functionality in any shipping version of the product. All shipping versions of the firmware for the affected products use dynamically created certificates instead.

The inclusion of this certificate and keys in shipping software was an oversight by the development team for these routers.

Cisco bug ID: CSCvq34370

Hardcoded Password Hashes

The /etc/shadow file included in Cisco firmware for the following Cisco products contains hardcoded password hashes for the users root, cisco, and lldpd.

  • RV016 Multi-WAN VPN Router
  • RV042 Dual WAN VPN Router
  • RV042G Dual Gigabit WAN VPN Router
  • RV082 Dual WAN VPN Router

The /etc/shadow file is not consulted during user authentication by the firmware. Instead, a dedicated alternate user database is used to authenticate users who log in to the web-based management interface of the affected routers.

An attacker with access to the base operating system on an affected device could exploit this issue to obtain elevated privileges at the level of the root, cisco, or lldpd user. However, Cisco is not currently aware of a way to access the base operating system on these routers.

Cisco bug ID: CSCvq34376

Multiple Vulnerabilities in Third-Party Software Components

Third-party software (TPS) components in the firmware for the following products contain vulnerabilities:

  • RV016 Multi-WAN VPN Router
  • RV042 Dual WAN VPN Router
  • RV042G Dual Gigabit WAN VPN Router
  • RV082 Dual WAN VPN Router

Cisco will handle these vulnerabilities by using the regular Cisco process for TPS vulnerabilities in accordance with the Cisco Security Vulnerability Policy. For information about known TPS vulnerabilities that affect the firmware for these routers, consult the Cisco Bug Search Tool.

Security Impact Rating: Informational

Related:

  • No Related Posts

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system.

The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system.

Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex

Security Impact Rating: High

CVE: CVE-2019-15958

Related:

  • No Related Posts

Cisco Managed Services Accelerator Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user’s HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page.

This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-msa-open-redirect

Security Impact Rating: Medium

CVE: CVE-2019-15974

Related:

  • No Related Posts

Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected application. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-idn-xss

Security Impact Rating: Medium

CVE: CVE-2019-15973

Related:

  • No Related Posts

Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wsa-xss

Security Impact Rating: Medium

CVE: CVE-2019-15969

Related:

  • No Related Posts