Cisco released a set of security updates which include one critical, seven high severity and nineteen medium security advisories. At least seven vulnerabilities lead to denial of service condition on the affected system and the most severe vulnerability could allow a remote unauthenticated attacker to gain administrative access on the affected device.
Cisco has released security updates for the following products:
- Cisco Small Business Smart and Managed Switches
- Cisco Firepower Management Center (FMC)
- Cisco TelePresence Collaboration Endpoint (CE) Software
- Cisco TelePresence Codec (TC) Software
- Cisco RoomOS
- Cisco IOS XE SD-WAN Software
- Cisco SD-WAN Solution vManage
- Cisco Smart Software Manager On-Prem
- Cisco IOS XR Software
- Cisco Webex Teams Client
- Cisco Unified Communications Manager (UCM)
- Cisco Jabber Guest
- Cisco Application Policy Infrastructure Controller (APIC)
- Cisco AsyncOS Software
- Cisco Email Security Appliance (ESA)
- Cisco Unity Connection
- Cisco Umbrella Roaming Client
- Cisco SD-WAN Solution
- Cisco Hosted Collaboration Mediation Fulfillment (HCM-F)
A critical vulnerability(CVE-2019-16028) exists in the web-based management interface of Cisco Firepower Management Center (FMC). This flaw could allow a remote unauthenticated attacker to bypass authentication and also execute arbitrary actions with administrative privileges on an affected device. This security issue arises due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker can gain administrative access to the web-based management interface by sending crafted HTTP requests to an affected device. There are no instances of public exploitation of this vulnerability.
High Severity Vulnerabilities
- CVE-2020-3143 : A path traversal vulnerability exists in video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software due to insufficient validation of user-supplied input to the xAPI. An attacker who sends crafted request to the xAPI, could read and write arbitrary files in the system. But, it is required for an attacker to have an In-Room Control or administrator account.
- CVE-2019-1950 : A vulnerability exists in Cisco IOS XE SD-WAN Software due to the existence of default credentials within the default configuration. An attacker with access to an affected device could login with elevated privileges and take complete control of the device.
- CVE-2020-3115 : A vulnerability exists in the CLI of the Cisco SD-WAN Solution vManage software due to insufficient input validation. An attacker who sends crafted files to an affected system, could elevate his privileges to gain root-level privileges.
- CVE-2019-16029 : A denial of service vulnerability exists in application programming interface (API) of Cisco Smart Software Manager On-Prem due to lack of input validation in the API. An attacker can change or corrupt user account information by sending crafted HTTP requests, which could grant the attacker administrator access or prevent a legitimate user from accessing the web interface, resulting in a denial of service (DoS) condition.
- CVE-2019-16018 : A vulnerability exists in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An unauthenticated attacker can exploit this vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to and wait for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could unexpectedly restart the BGP process, resulting in a denial of service condition.
- CVE-2019-16027 : A vulnerability exists in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An authenticated remote attacker who sends a crafted SNMP request to the affected device could cause a DoS condition in the IS–IS process.
CVE-2019-16019, CVE-2019-16020, CVE-2019-16021, CVE-2019-16022, CVE-2019-16023 : Multiple denial of service vulnerabilities exist in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software, due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An unauthenticated remote attacker can cause the BGP process to restart unexpectedly, resulting in a denial of service condition. In order to exploit these vulnerabilities, an attacker would have to send BGP EVPN update messages with malformed attributes to be processed by an affected system. These malicious BGP EVPN update messages should originate from a configured, valid BGP peer, or must be injected into a victim’s BGP network on an existing, valid TCP connection to a BGP peer.
Medium Severity Vulnerabilities
There are 19 medium severity vulnerabilities that were addressed. Exploitation of these flaws could lead to cross-site scripting, denial of service, SQL injection, command injection, HTTP header injection and information disclosure attacks on affected systems. These include:
CVE-2020-3121, CVE-2019-1909, CVE-2020-3131, CVE-2020-3135, CVE-2020-3136, CVE-2020-3139, CVE-2020-3134, CVE-2020-3133, CVE-2020-3137, CVE-2020-3130, CVE-2020-3117, CVE-2019-16000, CVE-2020-3129, CVE-2019-12619, CVE-2019-12628, CVE-2019-12629, CVE-2019-15989, CVE-2020-3124, and CVE-2019-15963
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication mechanisms, escalate privileges, disclose sensitive information; or conduct cross-site scripting, path/directory traversal, denial of service, SQL Injection, command injection or HTTP header injection attacks.
We recommend installing the necessary Cisco security updates as soon as possible to stay protected.