Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Cisco Patches Critical Flaws in IP Phones, UCS Director

Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director.

Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director.

The critical vulnerability patched in IP Phones impacts the web server and could allow a remote, unauthenticated attacker to execute code with root privileges. The bug has a CVSS score of 9.8.

Tracked as CVE-2020-3161, the issue exists because input in HTTP requests is not properly validated. Thus, an attacker could exploit the flaw by sending a crafted HTTP request to the web server of a vulnerable device.

“In libHTTPService.so, the parameters after /deviceconfig/setActivationCode are used to create a new URI via a sprintf function call. The length of the parameter string is not checked. When an attacker provides a long parameter string then sprintf overflows the provided stack-based buffer,” Tenable, which reported the bug to Cisco, explains.

IP Phone 7811, 7821, 7841, and 7861 Desktop Phones; IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones; Unified IP Conference Phone 8831; and Wireless IP Phone 8821 and 8821-EX were found to be affected.

Software updates that Cisco released this week address the vulnerability. The company says that, while it is aware of the flaw being publicly disclosed (Tenable has published a DoS proof-of-concept), it is not aware of the bug being targeted in attacks.

A total of three critical vulnerabilities were addressed in Cisco UCS Director and UCS Director Express for Big Data, all three discovered in the REST API. The bugs may allow a remote, unauthenticated attacker to bypass authentication or conduct directory traversal attacks.

The flaws are tracked as CVE-2020-3239, CVE-2020-3240, and CVE-2020-3243, and exist due to insufficient access control validation and improper input validation. All three issues were addressed in UCS Director 6.7.4.0 and UCS Director Express for Big Data 3.7.4.0.

This week, Cisco also released patches for seven high severity vulnerabilities impacting Wireless LAN Controller (WLC) Software, Webex Network Recording Player and Webex Player, Mobility Express Software, IoT Field Network Director, Unified Communications Manager (UCM) and UCM Session Management Edition (SME), and Aironet Series Access Points Software.

Six of the bugs could be exploited by unauthenticated, remote attackers to cause denial of service (DoS), conduct a cross-site request forgery (CSRF) attack, or to conduct directory traversal attacks. The bug in Webex Player could lead to remote code execution.

Cisco has released free software updates to address all of these vulnerabilities and says it is not aware of any public announcements or malicious use of these bugs. Details on each vulnerability are available on Cisco’s support website.

Related: Cisco Unveils SecureX Security Platform

Related: Cisco Patches DoS, Information Disclosure Flaws in Small Business Switches

Related: Cisco Patches Critical Vulnerability in Network Security Tool

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.