Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021

A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands or binaries with root privileges.

The vulnerability is due to improper parsing of command line parameters that may result in a heap-based buffer overflow. An attacker could exploit this vulnerability by accessing a Unix shell on an affected device and then invoking the sudoedit command with crafted parameters or by executing a binary exploit. A successful exploit could allow the attacker to execute commands or binaries with root privileges.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM

Security Impact Rating: High

CVE: CVE-2021-3156

Related:

  • No Related Posts

Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4elinux-h33dkrvb

Security Impact Rating: Medium

CVE: CVE-2020-3343,CVE-2020-3344

Related:

Target Device running on VM Ware Hypervisor going into a Hung state with Event – Too many retries Initiate reconnect

This issue is observed due to the overflow of the Ring Buffer. To check if the over flow of the ring buffer is happening, please follow the steps below:

1. Logon to the ESXi host and start ESXTOP.

2. Now press “n” for network and ‘t’ to order them.

3. Note down the nine digit Port Number and the Internal vSwitch name, Like – 33554464 and DvsPortset-0.

4. Then run the vsish internal debugging shell to get the statistics report from the VMXNet3 adapter:

[root@esx0:~] vsish -e get /net/portsets/vSwitch0/ports/33554464/vmxnet3/rxSummary

stats of a vmxnet3 vNIC rx queue {

LRO pkts rx ok:50314577

LRO bytes rx ok:1670451542658

pkts rx ok:50714621

bytes rx ok:1670920359206

unicast pkts rx ok:50714426

unicast bytes rx ok:1670920332742

multicast pkts rx ok:0

multicast bytes rx ok:0

broadcast pkts rx ok:195

broadcast bytes rx ok:26464

running out of buffers:10370

pkts receive error:0

# of times the 1st ring is full:7086

# of times the 2nd ring is full:3284


fail to map a rx buffer:0

request to page in a buffer:0

# of times rx queue is stopped:0

failed when copying into the guest buffer:0

# of pkts dropped due to large hdrs:0

# of pkts dropped due to max number of SG limits:0

}

Above values indicate that the ring buffer is over flowing.

Related:

  • No Related Posts