Multiple Vulnerabilities in Cisco Products

September 6, 2018 | Adeline Zhang

Cisco released 30 security advisories on 5 September 2018 to address vulnerabilities affecting multiple products. Three of them are critical.
Reference link: https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

Vulnerability Description

CVE-2018-11776 – Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products (Critical)

A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

Vulnerable Products

Vulnerable products marked with an asterisk (*) contain an affected Struts library, but due to how the library is used within the product, these products are not vulnerable to any of the exploitation vectors known to Cisco at the time of publication.

The following table lists Cisco products that are affected by the vulnerability that is described in this advisory:

Workarounds

Any workarounds for a specific Cisco product or service will be documented in product-specific or service-specific Cisco bugs, which are identified in the Vulnerable Products section of this advisory.

CVE-2018-0435 – Cisco Umbrella API Unauthorized Access Vulnerability (Critical)

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations.

The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.

CVSS Score

Base 9.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:X/RL:X/RC:X

Affected Products

This vulnerability affects the Cisco Umbrella service.

Solution

Cisco has addressed this vulnerability in the Cisco Umbrella production APIs. No user action is required.

Reference link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api

CVE-2018-0423 – Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability (Critical)

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code.

The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.

CVSS Score

Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Affected Products

This vulnerability affects all releases of the following Cisco products:

RV110W Wireless-N VPN Firewall
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router

Devices are vulnerable only when the Guest user of the web-based management interface is enabled. The web-based management interface for these devices is available via a local LAN connection or via the remote management feature.

By default, the remote management feature is disabled for the affected devices. To determine whether the remote management feature is enabled, open the web-based management interface for a device via a local LAN connection and then choose Basic Settings > Remote Management. If the Enable check box is checked, remote management is enabled for the device.

The Guest user is also disabled by default. To determine whether the Guest user has been enabled, open the web-based management interface for a device and then choose Administration > Users. In the Account Activation field, verify that the Guest user is inactive.

Solution

For the Cisco RV130W Wireless-N Multifunction VPN Router, Cisco has released free firmware updates that address the vulnerability described in this advisory.

For the Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router, Cisco has not released and will not release firmware updates that address the vulnerability described in this advisory.

Reference links:

https://software.cisco.com/download/home

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow