Cisco fixed critical vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The issues can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service.
The Cisco Industrial Network Director (IND), a network monitoring and management server for operational technology (OT) networks, received patches for two vulnerabilities rated critical and medium respectively. These were fixed in version 1.11.3 of the software.
The critical flaw, CVE-2023-20036, is in the web-based user interface of Cisco IND and could allow authenticated remote attackers to execute arbitrary commands on the underlying Windows operating system with administrative privileges (NT AUTHORITY\SYSTEM). The vulnerability is the result of insufficient input validation in the functionality that allows users to upload Device Packs.
The medium-risk flaw fixed in Cisco IND, CVE-2023-20039, is the result of insufficiently strong file permissions by default on the application data directory. A successful exploit could allow an authenticated attacker to access sensitive information and data from this directory.
Cisco Modeling Labs flaw could allow for unauthorized remote access
Cisco Modeling Labs, an on-premises network simulation tool, has a critical vulnerability (CVE-2023-20154) that results from processing certain messages from an external LDAP authentication server, which could allow an unauthenticated remote attacker to gain access to the tool's web interface with administrative privileges. This would give them access to view and modify all simulations and user-created data.
The flaw affects Modeling Labs for Education, Modeling Labs Enterprise and Modeling Labs – Not For Resale, but not Modeling Labs Personal and Personal Plus. It can only be exploited if the external LDAP server is configured in such a way that it responds to search queries with a non-empty array of matching entries. The configuration of the LDAP server can be changed by an administrator to mitigate this flaw as a temporary workaround, but customers are advised to upgrade Modeling Labs to version 2.5.1 to fix the vulnerability.
Privilege escalation possible with Cisco StarOS flaw
The Cisco StarOS Software, which is used on ASR 5000 Series Routers, but also on the Virtualized Packet Core – Distributed Instance (VPC-DI) and Virtualized Packet Core – Single Instance (VPC-SI) solutions, has a high-risk vulnerability (CVE-2023-20046) in its implementation of key-based SSH authentication.
In particular, if an attacker sends an authentication request over SSH from an IP address configured as the source for a high-privileged account, but instead provides the SSH key for a low-privileged account, the system will authenticate them as the high-privileged account even though they did not provide the correct SSH key. This results in privilege escalation and is the result of insufficient validation of the supplied credentials.
As a workaround, administrators can configure all user accounts that are approved for SSH key-based authentication to use different IP addresses. However, Cisco recommends upgrading to a fixed version of the software.
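To check whether the workaround above is in place, the following added example (not Cisco tooling and not part of the original article) flags any source IP assigned to more than one key-authenticated account. The inventory format, account names and privilege labels are constructed for illustration and are not StarOS configuration syntax.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample inventory (hypothetical export format): one row per
# account permitted for SSH key-based authentication.
SAMPLE_INVENTORY = """\
account,privilege,source_ip
noc-admin,administrator,192.0.2.10
backup-op,operator,192.0.2.10
monitor,inspector,192.0.2.20
auditor,inspector,2001:db8::5
site-admin,administrator,2001:0db8:0000:0000:0000:0000:0000:0005
deploy,operator,198.51.100.7
"""


def load_accounts(text):
    """Parse the inventory and normalise each source address."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        # ip_address() canonicalises IPv6, so differently written forms
        # of the same address compare equal.
        ip = ipaddress.ip_address(row["source_ip"].strip())
        accounts.append((row["account"].strip(), row["privilege"].strip(), ip))
    return accounts


def find_shared_sources(accounts):
    """Return {ip: {"accounts": [...], "mixed_privilege": bool}} for every
    source IP assigned to more than one key-authenticated account."""
    by_ip = defaultdict(list)
    for name, privilege, ip in accounts:
        by_ip[ip].append((name, privilege))
    findings = {}
    for ip, members in by_ip.items():
        if len(members) > 1:
            findings[str(ip)] = {
                "accounts": sorted(name for name, _ in members),
                "mixed_privilege": len({p for _, p in members}) > 1,
            }
    return findings


if __name__ == "__main__":
    for ip, info in sorted(find_shared_sources(load_accounts(SAMPLE_INVENTORY)).items()):
        tag = "PRIVILEGE MISMATCH" if info["mixed_privilege"] else "shared"
        print(f"{ip}: {', '.join(info['accounts'])} [{tag}]")
```

Entries marked as a privilege mismatch are the ones to separate first, since they pair a low-privileged key with a high-privileged account's source address.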
Cisco BroadWorks vulnerability could lead to denial of service
The Cisco BroadWorks Network Server received a patch for a high-risk vulnerability (CVE-2023-20125) in its TCP implementation that could lead to a denial-of-service condition. The flaw results from a lack of rate limiting for incoming TCP connections, allowing unauthenticated remote attackers to send a high rate of TCP connections to the server and exhaust its system resources. Customers are advised to deploy the AP.ns.23.0.1075.ap385072.Linux-x86_64.zip or RI.2023.02 patches.
Cisco also patched several medium-risk flaws this week in its TelePresence Collaboration Endpoint and RoomOS, Cisco SD-WAN vManage Software and the Cisco Packet Data Network Gateway. These can result in arbitrary file write, arbitrary file deletion and IPsec ICMP denial of service.
Copyright © 2023 IDG Communications, Inc.