Cisco Multiple Security Vulnerabilities Alert
Cisco recently released its semi-annual security advisory report for Cisco IOS and IOS XE software, announcing 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE software. A further report describes the vulnerabilities in the Cisco ASA software. The Security Impact Rating (SIR) for all 13 vulnerabilities is High. Four of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE software, one affects Cisco IOS software, seven affect Cisco IOS XE software, and one affects Cisco IOS XE software and Cisco ASA software. Cisco has confirmed that none of the vulnerabilities affect Cisco NX-OS software.
Vulnerability description
CVE number | CVSS 3.0 | Vulnerability description |
CVE-2018-0472 | 8.6 | Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability |
CVE-2018-0466 | 7.4 | Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability |
CVE-2018-0469 | 8.6 | Cisco IOS XE Software Web UI Denial of Service Vulnerability |
CVE-2018-0470 | 8.6 | Cisco IOS XE Software HTTP Denial of Service Vulnerability |
CVE-2018-0485 | 8.6 | Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability |
CVE-2018-0476 | 8.6 | Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability |
CVE-2018-0473 | 7.5 | Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability |
CVE-2018-0467 | 8.6 | Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability |
CVE-2018-0477, CVE-2018-0481 | 6.7 | Cisco IOS XE Software Command Injection Vulnerability |
CVE-2018-0480 | 7.4 | Cisco IOS XE Software Errdisable Denial of Service Vulnerability |
CVE-2018-0475 | 7.4 | Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability |
CVE-2018-0471 | 7.4 | Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability |
CVE-2018-0422 | 7.3 | Cisco Webex Meeting Client for Windows Licensing Vulnerability |
CVE-2018-0472
A vulnerability in the IPsec driver code of multiple Cisco IOS XE software platforms and Cisco ASA 5500-X Series Adaptive Security Appliances (ASA) could allow an unauthenticated remote attacker to cause the device to reload.
The vulnerability is caused by improper handling of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending a malformed IPsec packet to an affected device, causing the device to reload.
Affected products:
For the specific affected product models, refer to the following links:
Cisco ASA Software and Cisco ASA 5500-X Series with Firepower Threat Defense Software
Solution:
Cisco has released a software update to address this vulnerability. Refer to the following link for the Cisco IOS Software Checker, which identifies any Cisco security advisories that affect specific Cisco IOS and IOS XE software releases, as well as the earliest release that fixes each vulnerability. Guidance on fixed ASA software releases can also be found under the heading “Cisco ASA Software” at the following link.
CVE-2018-0469
A vulnerability in the web user interface of Cisco IOS XE software could allow an unauthenticated remote attacker to cause the affected device to reload. The vulnerability is caused by a double free of memory in the affected software while it processes a particular HTTP request.
An attacker could exploit this vulnerability by sending a specific HTTP request to the web user interface of the affected device. Successful exploitation may allow the attacker to reload the device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.
Affected products:
On Cisco IOS XE releases prior to 16.2.2, exploiting this vulnerability does not require authentication. On Cisco IOS XE 16.2.2 and later, exploiting this vulnerability requires authentication.
Solution:
Cisco has released a software update to address this vulnerability. Refer to the following link for the Cisco IOS Software Checker, which identifies any Cisco security advisories that affect specific Cisco IOS and IOS XE software releases, as well as the earliest release that fixes each vulnerability.
CVE-2018-0470
A vulnerability in the web framework of Cisco IOS XE software could allow an unauthenticated remote attacker to cause a buffer overflow on the affected device, resulting in a denial of service (DoS).
The vulnerability is due to the affected software incorrectly parsing malformed HTTP packets destined for the device. An attacker could exploit this vulnerability by sending malformed HTTP packets to the affected device. Successful exploitation may allow the attacker to cause a buffer overflow on the affected device, resulting in a DoS.
Affected products:
This vulnerability affects Cisco devices that are running a vulnerable Cisco IOS XE software release and have the HTTP Server feature enabled. The default state of the HTTP Server feature depends on the software version. The specific vulnerable Cisco IOS XE software releases are listed in the Cisco IOS Software Checker referenced in the Solution.
Solution:
Cisco has released a software update to address this vulnerability. Refer to the following link for the Cisco IOS Software Checker, which identifies any Cisco security advisories that affect specific Cisco IOS and IOS XE software releases, as well as the earliest release that fixes each vulnerability.
CVE-2018-0485
A vulnerability in the SM-1T3/E3 firmware on Cisco’s Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated remote attacker to cause the SM-1T3/E3 module on the ISR G2 router or ISR4451-X to reload, resulting in a denial of service (DoS) on the affected device.
The vulnerability is caused by improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a sequence of strings. Successful exploitation may allow the attacker to reload the SM-1T3/E3 module on the ISR G2 router or ISR4451-X, causing a DoS on the affected device.
Affected products:
This vulnerability affects the Cisco ISR G2 or Cisco ISR4451-X router if the SM-X-1T3/E3 module is installed and the affected Cisco IOS or IOS XE software version is running.
The specific vulnerable Cisco IOS and IOS XE software releases are listed in the Cisco IOS Software Checker referenced in the Solution.
Solution:
Cisco has released a software update to address this vulnerability. Refer to the following link for the Cisco IOS Software Checker, which identifies any Cisco security advisories that affect specific Cisco IOS and IOS XE software releases, as well as the earliest release that fixes each vulnerability.
CVE-2018-0476
A vulnerability in Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) for Cisco IOS XE Software could allow an unauthenticated remote attacker to cause an affected device to reload.
The vulnerability is caused by improper handling of SIP packets that are in transit while NAT is being performed on the affected device. An unauthenticated remote attacker could exploit the vulnerability by sending a carefully crafted SIP packet to the affected device. Successful exploitation could allow the attacker to reload the device, resulting in a denial of service (DoS).
Affected products:
This vulnerability affects devices that are running Cisco IOS XE software and are configured with NAT. The SIP ALG function is enabled whenever NAT is configured on the device. The specific vulnerable Cisco IOS XE software releases are listed in the Cisco IOS Software Checker referenced in the Solution.
Solution:
Cisco has released a software update to address this vulnerability. Refer to the following link for the Cisco IOS Software Checker, which identifies any Cisco security advisories that affect specific Cisco IOS and IOS XE software releases, as well as the earliest release that fixes each vulnerability.
CVE-2018-0467
A vulnerability in the IPv6 processing code for Cisco IOS and IOS XE software could allow an unauthenticated remote attacker to cause a device to reload.
The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to an affected device. Successful exploitation may allow the attacker to reload the device, resulting in a denial of service (DoS) on the affected device.
Affected products:
This vulnerability affects devices that are running a vulnerable Cisco IOS or IOS XE software release and are configured with IPv6 addresses. The specific vulnerable Cisco IOS and IOS XE software releases are listed in the Cisco IOS Software Checker referenced in the Solution.
Solution:
Cisco has released a software update to address this vulnerability. Refer to the following link for the Cisco IOS Software Checker, which identifies any Cisco security advisories that affect specific Cisco IOS and IOS XE software releases, as well as the earliest release that fixes each vulnerability.
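The "Affected products" notes above tie several of these CVEs to a configured feature: the HTTP Server (CVE-2018-0470), NAT (CVE-2018-0476) and IPv6 addressing (CVE-2018-0467). The following triage script is an added example, not part of the Cisco advisory; it reads a saved running-config and reports which of those preconditions are met. The function names and sample config are constructed for illustration, and listing CVE-2018-0469 under HTTP assumes the web UI is served by the HTTP server feature.

```python
import re

# Feature preconditions named on this page, mapped to the CVEs they gate.
# CVE-2018-0469 is grouped under HTTP on the assumption (added here) that
# the web UI is served by the HTTP server feature.
CHECKS = {
    "http": ["CVE-2018-0469", "CVE-2018-0470"],
    "nat": ["CVE-2018-0476"],
    "ipv6": ["CVE-2018-0467"],
}

def feature_state(config: str) -> dict:
    """Return {'http'|'nat'|'ipv6': 'enabled'|'disabled'|'unknown'}."""
    lines = [l.strip() for l in config.splitlines()]
    on = lambda pat: any(re.fullmatch(pat, l) for l in lines)
    state = {}
    # HTTP: the default depends on the release, so a config with neither
    # the command nor its "no" form is reported as unknown, not disabled.
    if on(r"ip http (secure-)?server"):
        state["http"] = "enabled"
    elif on(r"no ip http server") and on(r"no ip http secure-server"):
        state["http"] = "disabled"
    else:
        state["http"] = "unknown"
    # NAT: the page states SIP ALG is enabled whenever NAT is configured.
    state["nat"] = "enabled" if on(r"ip nat (inside|outside)( .*)?") else "disabled"
    # IPv6: an interface-level IPv6 address, or "ipv6 enable" (link-local).
    state["ipv6"] = "enabled" if on(r"ipv6 (address .+|enable)") else "disabled"
    return state

def cves_to_review(config: str) -> list:
    """CVEs whose feature precondition is met or cannot be ruled out."""
    state = feature_state(config)
    return sorted(c for f, cves in CHECKS.items()
                  if state[f] != "disabled" for c in cves)

# Constructed sample running-config (not from a real device).
SAMPLE = """\
no ip http server
ip http secure-server
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
interface GigabitEthernet0/0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
ip nat inside source list 10 interface GigabitEthernet0/0/0 overload
"""

if __name__ == "__main__":
    print(feature_state(SAMPLE))
    print(cves_to_review(SAMPLE))
```

A met precondition only means the feature is exposed; whether the running release is vulnerable still has to be confirmed with the Cisco IOS Software Checker.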