Multiple Cisco Products Contain Critical Vulnerabilities Threat Alert


September 20, 2019 | Adeline Zhang

Overview

On August 21, 2019, local time, Cisco officially released multiple security advisories, announcing remediation of critical vulnerabilities in a number of products. These vulnerabilities include authentication bypass and remote code execution vulnerabilities, and the most critical ones have a CVSS score of 9.8.

For details about the security advisories and alerts, visit the following link:

https://tools.cisco.com/security/center/publicationListing.x

Vulnerability Description

Cisco Small Business 220 Series Smart Switches

CVE-2019-1912 Authentication Bypass Vulnerability

CVSS 3.0: 9.1

The vulnerability is due to incomplete authorization checks in the web management interface. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious request to the interface, which could result in arbitrary code execution.

  • Affected versions:

Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4

  • Unaffected versions:

Cisco Small Business 220 Series Smart Switches running firmware 1.1.4.4 and later

For details, see the official advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass

CVE-2019-1913 Remote Code Execution Vulnerabilities

CVSS 3.0: 9.8

The buffer overflow vulnerabilities are due to insufficient validation of user-supplied input when reading data into an internal buffer. An attacker could exploit these vulnerabilities to execute arbitrary code on an affected system with root privileges.

  • Affected versions:

Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4

  • Unaffected versions:

Cisco Small Business 220 Series Smart Switches running firmware 1.1.4.4 and later

For details, see the official advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-rce

Cisco IMC Supervisor, UCS Director, Cisco UCS Director Express

CVE-2019-1974 Authentication Bypass Vulnerability

CVSS 3.0: 9.8

The vulnerability is due to insufficient request header validation during the authentication process. An unauthenticated attacker could exploit this vulnerability to bypass user authentication and gain access as an administrative user.

  • Affected versions:

Cisco IMC Supervisor releases:
    • 2.1
    • 2.2.0.0 – 2.2.0.6

Cisco UCS Director releases:
    • 5.5.0.0 – 5.5.0.2
    • 6.0.0.0 – 6.0.1.3
    • 6.5.0.0 – 6.5.0.3
    • 6.6.0.0 and 6.6.1.0
    • 6.7.0.0 – 6.7.2.0

Cisco UCS Director Express for Big Data releases:
    • 2.1.0.0 – 2.1.0.2
    • 3.0.0.0 – 3.0.1.3
    • 3.5.0.0 – 3.5.0.3
    • 3.6.0.0 and 3.6.1.0
    • 3.7.0.0 – 3.7.2.0

  • Unaffected versions:

Cisco IMC Supervisor releases 2.2.1.0 and later

Cisco UCS Director releases 6.7.3.0 and later

Cisco UCS Director Express for Big Data releases 3.7.3.0 and later

For details, see the official advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass

Cisco UCS Director, UCS Director Express for Big Data

CVE-2019-1938 API Authentication Bypass Vulnerability

CVSS 3.0: 9.8

The vulnerability is due to improper authentication request handling. An unauthenticated, remote attacker could exploit this vulnerability to bypass authentication and execute arbitrary actions with administrator privileges on an affected system.

  • Affected versions:

UCS Director releases 6.7.0.0 and 6.7.1.0

UCS Director Express for Big Data releases 3.7.0.0 and 3.7.1.0

  • Unaffected versions:

Cisco UCS Director 6.7.2.0 and later (recommended: 6.7.3.0)

Cisco UCS Director Express for Big Data 3.7.2.0 and later (recommended: 3.7.3.0)

For details, see the official advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass

Cisco Integrated Management Controller Supervisor, UCS Director, UCS Director Express for Big Data

CVE-2019-1935 Default Credentials Vulnerability

CVSS 3.0: 9.8

The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. An unauthenticated, remote attacker could exploit this vulnerability by using the account to log in to an affected system.

  • Affected versions:

Cisco IMC Supervisor releases:
    • 2.1
    • 2.2.0.0 – 2.2.0.6

Cisco UCS Director releases:
    • 6.0
    • 6.5
    • 6.6.0.0 and 6.6.1.0
    • 6.7.0.0 and 6.7.1.0

Cisco UCS Director Express for Big Data releases:
    • 3.0
    • 3.5
    • 3.6
    • 3.7.0.0 and 3.7.1.0

  • Unaffected versions:

Cisco Integrated Management Controller Supervisor releases 2.2.1.0 and later

Cisco UCS Director releases 6.7.2.0 and later (recommended: 6.7.3.0)

Cisco UCS Director Express for Big Data 3.7.2.0 and later (recommended: 3.7.3.0)

For details, see the official advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred

CVE-2019-1937 Authentication Bypass Vulnerability

CVSS 3.0: 9.8

The vulnerability is due to insufficient request header validation during the authentication process. An unauthenticated, remote attacker could exploit this vulnerability to gain full administrator access to an affected device.

  • Affected versions:

Cisco IMC Supervisor releases:
    • 2.1
    • 2.2.0.0 – 2.2.0.6

Cisco UCS Director releases:
    • 6.0
    • 6.5
    • 6.6.0.0 and 6.6.1.0
    • 6.7.0.0 and 6.7.1.0

Cisco UCS Director Express for Big Data releases:
    • 3.0
    • 3.5
    • 3.6
    • 3.7.0.0 and 3.7.1.0

  • Unaffected versions:

Cisco Integrated Management Controller Supervisor 2.2.1.0 and later

Cisco UCS Director releases 6.7.2.0 and later (recommended: 6.7.3.0)

Cisco UCS Director Express for Big Data 3.7.2.0 and later (recommended: 3.7.3.0)

For details, see the official advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby

Solution

Cisco has provided new releases to fix these vulnerabilities. Users are advised to upgrade their installations as soon as possible. For details, see the official security advisories for these vulnerabilities.
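Deciding which installations actually need the upgrade means comparing each device's running version against the affected ranges listed above. The following script is an added example (not NSFOCUS or Cisco code) that encodes those ranges exactly as the alert writes them ("prior to", "x – y", "x and y", and bare release trains such as "2.1") and checks a constructed inventory against them. The product labels, function names and the sample hostnames and versions are this example's own assumptions.

```python
"""Inventory check against the affected-version ranges in this alert.

Added example, not NSFOCUS or Cisco code. The range strings below are copied
from the advisory text as written there; the product labels, function names
and the sample inventory are this example's own (constructed) assumptions.
"""
from typing import Iterable

# Affected ranges per CVE, keyed by a short product label (assumed labels).
# Spec grammar, mirroring how the alert lists versions:
#   "< 1.1.4.4"            every version strictly before 1.1.4.4
#   "2.2.0.0 – 2.2.0.6"    inclusive range
#   "6.6.0.0 and 6.6.1.0"  exactly those two releases
#   "2.1"                  a whole release train (prefix match)
AFFECTED = {
    "CVE-2019-1912": {"Small Business 220": ["< 1.1.4.4"]},
    "CVE-2019-1913": {"Small Business 220": ["< 1.1.4.4"]},
    "CVE-2019-1974": {
        "IMC Supervisor": ["2.1", "2.2.0.0 – 2.2.0.6"],
        "UCS Director": ["5.5.0.0 – 5.5.0.2", "6.0.0.0 – 6.0.1.3",
                         "6.5.0.0 – 6.5.0.3", "6.6.0.0 and 6.6.1.0",
                         "6.7.0.0 – 6.7.2.0"],
        "UCS Director Express": ["2.1.0.0 – 2.1.0.2", "3.0.0.0 – 3.0.1.3",
                                 "3.5.0.0 – 3.5.0.3", "3.6.0.0 and 3.6.1.0",
                                 "3.7.0.0 – 3.7.2.0"],
    },
    "CVE-2019-1938": {
        "UCS Director": ["6.7.0.0 and 6.7.1.0"],
        "UCS Director Express": ["3.7.0.0 and 3.7.1.0"],
    },
    "CVE-2019-1935": {
        "IMC Supervisor": ["2.1", "2.2.0.0 – 2.2.0.6"],
        "UCS Director": ["6.0", "6.5", "6.6.0.0 and 6.6.1.0", "6.7.0.0 and 6.7.1.0"],
        "UCS Director Express": ["3.0", "3.5", "3.6", "3.7.0.0 and 3.7.1.0"],
    },
    "CVE-2019-1937": {
        "IMC Supervisor": ["2.1", "2.2.0.0 – 2.2.0.6"],
        "UCS Director": ["6.0", "6.5", "6.6.0.0 and 6.6.1.0", "6.7.0.0 and 6.7.1.0"],
        "UCS Director Express": ["3.0", "3.5", "3.6", "3.7.0.0 and 3.7.1.0"],
    },
}


def parse_version(text: str, width: int = 4) -> tuple:
    """'6.7.1' -> (6, 7, 1, 0): pad to `width` so 6.7.1 compares equal to 6.7.1.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def matches(spec: str, version: str) -> bool:
    """True if `version` falls inside one spec string from AFFECTED."""
    v = parse_version(version)
    if spec.startswith("<"):
        return v < parse_version(spec[1:])
    for dash in (" – ", " - "):  # the alert uses an en dash; accept a hyphen too
        if dash in spec:
            lo, hi = (parse_version(p) for p in spec.split(dash))
            return lo <= v <= hi
    if " and " in spec:
        return v in {parse_version(p) for p in spec.split(" and ")}
    # Bare train such as "6.0": match only on the components actually given.
    train = tuple(int(p) for p in spec.split("."))
    return v[:len(train)] == train


def affected_cves(product: str, version: str) -> list:
    """All CVEs in this alert whose affected ranges cover product/version."""
    return [cve for cve, products in AFFECTED.items()
            if any(matches(s, version) for s in products.get(product, []))]


def check_inventory(inventory: Iterable) -> dict:
    """Map host -> list of CVEs for every (host, product, version) that is hit."""
    findings = {}
    for host, product, version in inventory:
        cves = affected_cves(product, version)
        if cves:
            findings[host] = cves
    return findings


# Constructed sample inventory (hostnames and running versions are made up).
SAMPLE_INVENTORY = [
    ("sw-220-lab1", "Small Business 220", "1.1.3.1"),
    ("sw-220-lab2", "Small Business 220", "1.1.4.4"),
    ("ucsd-prod", "UCS Director", "6.7.1"),
    ("ucsd-dr", "UCS Director", "6.7.3.0"),
    ("imcs-01", "IMC Supervisor", "2.1.0.3"),
]

if __name__ == "__main__":
    for host, cves in check_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(cves)}")
```

The bare-train entries ("6.0", "3.5") are matched on the components the alert gives rather than padded to 6.0.0.0, because the advisory means the whole release train there; the other spec forms are padded so that a version reported as 6.7.1 by one tool and 6.7.1.0 by another is treated as the same release.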

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.