Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director.
The critical vulnerability patched in IP Phones impacts the web server and could allow a remote, unauthenticated attacker to execute code with root privileges. The bug has a CVSS score of 9.8.
Tracked as CVE-2020-3161, the issue exists because input in HTTP requests is not properly validated. Thus, an attacker could exploit the flaw by sending a crafted HTTP request to the web server of a vulnerable device.
“In libHTTPService.so, the parameters after /deviceconfig/setActivationCode are used to create a new URI via a sprintf function call. The length of the parameter string is not checked. When an attacker provides a long parameter string then sprintf overflows the provided stack-based buffer,” Tenable, which reported the bug to Cisco, explains.
IP Phone 7811, 7821, 7841, and 7861 Desktop Phones; IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones; Unified IP Conference Phone 8831; and Wireless IP Phone 8821 and 8821-EX were found to be affected.
Software updates that Cisco released this week address the vulnerability. The company says that, while it is aware of the flaw being publicly disclosed (Tenable has published a DoS proof-of-concept), it is not aware of the bug being targeted in attacks.
A total of three critical vulnerabilities were addressed in Cisco UCS Director and UCS Director Express for Big Data, all three discovered in the REST API. The bugs may allow a remote, unauthenticated attacker to bypass authentication or conduct directory traversal attacks.
The flaws are tracked as CVE-2020-3239, CVE-2020-3240, and CVE-2020-3243, and exist due to insufficient access control validation and improper input validation. All three issues were addressed in UCS Director 6.7.4.0 and UCS Director Express for Big Data 3.7.4.0.
This week, Cisco also released patches for seven high severity vulnerabilities impacting Wireless LAN Controller (WLC) Software, Webex Network Recording Player and Webex Player, Mobility Express Software, IoT Field Network Director, Unified Communications Manager (UCM) and UCM Session Management Edition (SME), and Aironet Series Access Points Software.
Six of the bugs could be exploited by unauthenticated, remote attackers to cause denial of service (DoS), conduct a cross-site request forgery (CSRF) attack, or to conduct directory traversal attacks. The bug in Webex Player could lead to remote code execution.
Cisco has released free software updates to address all of these vulnerabilities and says it is not aware of any public announcements or malicious use of these bugs. Details on each vulnerability are available on Cisco’s support website.
Related: Cisco Unveils SecureX Security Platform
Related: Cisco Patches DoS, Information Disclosure Flaws in Small Business Switches
Related: Cisco Patches Critical Vulnerability in Network Security Tool
More from Ionut Arghire
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
- New Wi-Fi Attack Allows Traffic Interception, Security Bypass
- Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
- Over 200 Organizations Targeted in Chinese Cyberespionage Campaign
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
Latest News
- UK Introduces Mass Surveillance With Online Safety Bill
- Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT
- Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App
- LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps
- Blockchain Security Firm True I/O Raises $9 Million
- Spera Banks $10 Million to Tackle Identity and Access Sprawl
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
