Cisco IOS XE Software Web UI Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection

This advisory is part of the September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2019-12650, CVE-2019-12651


Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos

This advisory is part of the September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2019-12647


Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability

A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device.

The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth

This advisory is part of the September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2019-12648


Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device.

The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass

This advisory is part of the September 25, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2019 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2019-12649


When integrated with Intune MAM via EMS Connector, attempts to publish or edit an app in the Citrix Cloud Library result in a '500 internal server error' being displayed.

This problem can be caused by invalid values being used to populate ‘Intune app protection policies’ in the Citrix Cloud Library, for example the value ‘12’ entered for ‘Require minimum iOS operating system’.

To resolve this issue, you must first manually delete some of the content which has been incorrectly created. This example will use ‘Microsoft Excel for iOS’ as the affected app which is in need of manual steps to remove. This example also assumes that Citrix Endpoint Management is in use for MDM functions. Once fully removed, the app can then be deployed again, gracefully, by using modified settings.

To manually remove the affected app and related settings:

– Log on to Citrix Cloud Library with an administrator account (requires Citrix Endpoint Management permissions and also Library permissions)

– Open the Library and delete the app, if it is found (the app will likely be missing from this screen, though it is best practice to delete the app from the Library if it is found in the Library)

– Log on to Microsoft Azure using a suitable account with administrative privileges (requires permissions to manage applications)

– Find the following elements and manually delete them:

1) Under Intune App Protection > Apps > Delete the affected app if it is found

2) Under Intune App Protection Policies > Delete any entries for the app here also (if any are found)

3) Under Intune App Configuration Policies > Delete any entries here too (if any are found)

The steps listed above will remove the app and related settings from Intune only.

– Log on to the Citrix Endpoint Management console (if in use) and delete the following entries:

1) Under Configure > Apps > Delete the affected app if found

2) Under Configure > Delivery Groups > Delete the Delivery Group, which has been created for the app, if one is found

The steps listed above will fully remove the app from Microsoft Azure and also from the Citrix Endpoint Management service. Only after the app has been removed will attempts to publish it again succeed as intended.

When publishing the app again, take care to enter the configuration details in the same way as described at: https://docs.microsoft.com/en-us/intune/app-protection-policy-settings-ios.

For ‘iOS Minimum operating system’, the detail should be entered as ‘major dot minor’ (for example, enter 12.0, not 12).

In this example, entering ‘12.0’ for ‘Require minimum iOS operating system’ meets the syntax requirements for Intune MAM. Using this value does not result in ‘500 internal server error’ being received.
