Cisco Addresses 32 Security Vulnerabilities in Latest Patch Release
Cisco has announced the release of thirty security patch advisories aimed at addressing a total of 32 vulnerabilities across its product line. Among these, three vulnerabilities have been classified as critical, one of which pertains to a recently disclosed remote code execution flaw in Apache Struts that is currently being exploited in the wild.
The vulnerabilities encompass a broad range of Cisco products, with 14 categorized as high severity and 15 as medium. The affected products include Cisco Routers, Cisco Webex, Cisco Umbrella, Cisco SD-WAN Solutions, and Cisco Cloud Services Platforms, among others.
The three critical vulnerabilities include issues in Apache Struts, vulnerabilities in the management interface of selected routers, and weaknesses in the Cisco Umbrella API. The Apache Struts vulnerability (CVE-2018-11776) presents significant security implications; it arises from insufficient validation of untrusted user inputs within the Struts framework. An attacker can exploit this flaw by tricking users into interacting with a malicious URL, thus gaining the ability to execute arbitrary code and potentially compromise the targeted server.
Hackers could leverage techniques outlined in the MITRE ATT&CK Matrix, particularly through tactics involving initial access and execution. These tactics describe how adversaries may gain entry to systems and execute code in a targeted manner. The risk is pronounced for any organization utilizing supported versions of Apache Struts, including those listed from Struts 2.3 to 2.3.34 and Struts 2.5 to 2.5.16. Organizations are urged to promptly update their Struts components, as there are currently no effective workarounds available.
Additionally, Cisco Umbrella is affected by a critical vulnerability (CVE-2018-0435) that could allow authenticated, remote attackers to manipulate data across various organizations. This vulnerability has been traced back to inadequate authentication configurations within the Cisco Umbrella API, allowing unauthorized users to exploit it successfully. Cisco has patched the issue in the production APIs, eliminating the need for user intervention.
The final critical vulnerability (CVE-2018-0423) identified involves the web-based management interface of Cisco RV110W, RV130W, and RV215W routers. The flaw allows unauthenticated attackers to potentially execute arbitrary code or trigger a denial-of-service condition. By sending crafted requests to the impacted devices, attackers can exploit improper boundary restrictions on user-supplied inputs within the guest user feature. Cisco has released firmware updates for the RV130W router while opting to forgo updates for the RV110W and RV215W models.
As the cybersecurity landscape evolves, it is essential for businesses, especially in the U.S., to remain vigilant. The ongoing exploitation of vulnerabilities in Apache Struts highlights the dynamic threat environment. Organizations are encouraged to follow the best practices laid out by the MITRE ATT&CK framework to understand the potential tactics and techniques employed by adversaries, ensuring that necessary precautions are put in place.
In conclusion, the call to action is clear: organizations must prioritize patch management to safeguard against these vulnerabilities. Cybersecurity demands continual attention, and timely updates are a critical component of overall risk management.