Cisco Issues Patches for Three Critical Vulnerabilities in IOS XE Software

On September 24, 2021, Cisco Systems announced the release of patches to address three critical security vulnerabilities in its IOS XE network operating system. These flaws could allow remote attackers to execute arbitrary code with administrative privileges and potentially trigger a denial-of-service (DoS) condition on affected devices. The identified vulnerabilities are as follows:

  • CVE-2021-34770 (CVSS score: 10.0) – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
  • CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
  • CVE-2021-1619 (CVSS score: 9.8) – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

The most critical issue, CVE-2021-34770, is described by Cisco as a “logic error” occurring during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets, which allows a central wireless controller to manage access points.

Cisco Issues Critical Security Patches for IOS XE Software Vulnerabilities

On September 24, 2021, Cisco Systems announced the release of critical patches addressing three significant security vulnerabilities within its IOS XE network operating system. These vulnerabilities could allow remote attackers to execute arbitrary code with administrative privileges and potentially initiate a denial-of-service (DoS) condition on affected devices.

The most severe of these vulnerabilities is identified as CVE-2021-34770, which has received a maximum Common Vulnerability Scoring System (CVSS) score of 10.0. This flaw pertains to the Cisco IOS XE Software specifically for Catalyst 9000 Family Wireless Controllers and is characterized as a “logic error” during the handling of CAPWAP (Control And Provisioning of Wireless Access Points) packets. This flaw essentially enables a centralized wireless controller to manage access points, but the error within the management process could be exploited by malicious actors.

In addition to CVE-2021-34770, Cisco also addressed two other vulnerabilities, both scoring 9.8 on the CVSS scale. The first, CVE-2021-34727, relates to a buffer overflow vulnerability in Cisco IOS XE SD-WAN Software, which could allow attackers to corrupt memory or execute arbitrary code. The second, CVE-2021-1619, presents an authentication bypass vulnerability affecting NETCONF and RESTCONF protocols, further raising concerns about unauthorized access.

The targets of these vulnerabilities include businesses utilizing Cisco’s IOS XE platform for network management. Given the critical nature of these vulnerabilities, organizations operating in sectors that rely heavily on robust network management solutions, such as telecommunications and IT services, are particularly at risk.

The vulnerabilities are likely situated within the framework of the MITRE ATT&CK Matrix, particularly aligned with tactics such as initial access through exploitation of the remote code execution vulnerability, persistence via unauthorized access points, and privilege escalation that could allow for further system control. These tactics exemplify the sophisticated nature of modern cyber threats, emphasizing the need for organizations to prioritize thorough patch management and responsive security protocols.

Business owners are encouraged to take immediate action to patch their systems and review their configurations to mitigate any risks associated with these vulnerabilities. As cyber threats continue to evolve, awareness and proactive measures become essential for safeguarding critical infrastructure and sensitive data. Ignoring these vulnerabilities could leave networks compromised and open to further exploitation by adversaries.

In conclusion, the vulnerabilities identified in Cisco’s IOS XE software underscore the ongoing challenges in cybersecurity, particularly for businesses dependent on complex network infrastructures. It is imperative for organizations to stay vigilant and maintain an active approach to security best practices to protect their assets against emerging threats.

Source link

Related Posts

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.

SonicWall Releases Critical Patches for Vulnerability in SMA 100 Series Devices

On September 25, 2021, SonicWall, a network security firm, addressed a serious security vulnerability identified in its Secure Mobile Access (SMA) 100 series appliances. This flaw allows remote, unauthorized attackers to gain administrative access to the affected devices. Designated as CVE-2021-20034, the issue involves arbitrary file deletion and has a critical CVSS score of 9.1 out of 10. Exploiting this vulnerability could enable an adversary to bypass path traversal checks, leading to deletion of files and a reset of the device to factory settings. SonicWall indicated that the vulnerability stems from inadequate file path restrictions, potentially allowing arbitrary file deletions. Fortunately, the company noted that there are currently no signs of exploitation in the wild. SonicWall also acknowledged Wenxu Yin of Alpha Lab, Qihoo 360, for reporting this security concern, which affects the SMA 100 Series, including models like SMA 200 and SMA 210.

Critical Chrome Update Released to Fix Actively Exploited Zero-Day Flaw

On September 25, 2021, Google issued an urgent security patch for its Chrome web browser to address a vulnerability that is currently being exploited. Identified as CVE-2021-37973, the issue is categorized as a “use after free” flaw within the Portals API, a system that facilitates seamless navigation between web pages. Clément Lecigne from Google’s Threat Analysis Group reported the vulnerability. While detailed information about the flaw has not been shared to protect users, Google confirmed that an exploit for CVE-2021-37973 is known to be in use. This update comes shortly after Apple patched a related exploit affecting older versions of iOS and macOS (CVE-2021-30869).

Urgent: Update Google Chrome Now to Fix 2 New Actively Exploited Zero-Day Vulnerabilities

On October 1, 2021, Google released critical security updates for its Chrome browser, addressing two newly discovered vulnerabilities currently being exploited. These mark the fourth and fifth zero-day flaws resolved this month. The vulnerabilities, identified as CVE-2021-37975 and CVE-2021-37976, relate to a use-after-free issue in the V8 JavaScript and WebAssembly engine, as well as an information leak in the core. As is standard practice, Google has withheld specific details about the attacks to ensure that users can quickly install the necessary updates. However, the company confirmed that “exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.” CVE-2021-37975 was reported by an anonymous researcher, while CVE-2021-37976 was identified by Clément Lecigne from Google’s Threat Analysis Group.