Cisco released 29 updates to address the vulnerabilities in its products. There is one critical vulnerability that was addressed in this set of updates. This vulnerability requires no authentication for exploitation and is remotely exploitable. 6 vulnerabilities are rated high in severity out of which 2 are related to Aironet.  The other products which were affected by important vulnerabilities are Cisco Firepower Management Center, Cisco Wireless LAN Controller, Cisco SPA100 Series Analog Telephone Adapters and Cisco Small Business Smart and Managed Switches.


In the limelight: Cisco Aironet

One critical and two high severity flaws were addressed in Cisco Aironet Access Points. Cisco Aironet is a series of wireless access points that cater to a variety of enterprises ranging from midsize environments to large enterprise deployments including indoor warehouse or manufacturing and outdoor environments.

According to the advisory, CVE-2019-15260 is classified as an Unauthorized Access Vulnerability which could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. Cisco explains that the flaw exists due to an insufficient access control for certain URLs on an affected device. An attacker can request specific URLs from an affected access point to exploit the vulnerability which gives him access to the device with elevated privileges. This allows the attacker to view sensitive information and modify its contents. In some cases it is also possible to modify the wireless network configuration and cause denial of service condition by disabling the access point.

The high severity bugs in Cisco Aironet are CVE-2019-15261 and CVE-2019-15264. Cisco explains that these vulnerabilities are due to “improper resource management during CAPWAP message processing” and “insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected Access Point” respectively.  CVE-2019-15261 and CVE-2019-15264, both lead to denial of service in the access points.


Affected products

CVEsAffected Products
CVE-2019-15260 Aironet 1540 Series APs
Aironet 1560 Series APs
Aironet 1800 Series APs
Aironet 2800 Series APs
Aironet 3800 Series APs
Aironet 4800 APs
CVE-2019-15261 Aironet 1810 Series APs
Aironet 1830 Series APs
Aironet 1850 Series APs
CVE-2019-15264 Aironet 1540 Series APs
Aironet 1560 Series APs
Aironet 1800 Series APs
Aironet 2800 Series APs
Aironet 3800 Series APs
Aironet 4800 APs
Catalyst 9100 APs

Impact

Successful exploitation of

  • CVE-2019-15260 allows a remote unauthenticated attacker to gain unauthorized access to a targeted device with elevated privileges.
  • CVE-2019-15264 allows an attacker to restart the device leading to denial of service condition for clients associated with the Access Point.
  • CVE-2019-15261 allows an attacker to crash an internal process of the targeted Access Point(AP), which leads to reloading of the AP. This causes a denial of service condition for clients associated with the AP.

Solution

Cisco has released a fix for these vulnerabilities and advises customers to install an appropriate update corresponding to the existing version of software(Refer to ‘Fixed Releases’ section of the advisory corresponding to the CVE). It is recommended to apply the updates from the following advisories to ensure complete protection.


Though there have been no instances of active exploitation of these vulnerabilities, most of the vulnerabilities rated high in severity are exploitable without authentication. Hence, we strongly recommend that these updates be installed at the earliest.


Summary
Attackers can slip through the AiroNET!
Article Name
Attackers can slip through the AiroNET!
Author
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *