Multiple Vulnerabilities in Cisco Products
On September 5, Cisco officially released 30 security advisories covering vulnerabilities of varying severity in its products, including three critical vulnerabilities.
Vulnerability description
CVE-2018-11776
Apache Struts2 Remote Code Execution Vulnerability (CVE-2018-11776) Affects Cisco Products (Critical)
A vulnerability in Apache Struts2 could allow an unauthenticated remote attacker to execute arbitrary code on the target system.
Affected products:
The following table lists the Cisco products affected by this vulnerability; products or services not listed in the following table should be considered vulnerable. Products marked with an asterisk (*) contain the affected Struts library, but because of how the library is used within the product, they are not susceptible to any exploitation vectors currently known to Cisco.
| Product | Cisco bug ID | Fixed version availability |
| --- | --- | --- |
| Collaboration and social media | | |
| Cisco SocialMiner * | CSCvk78903 | The patch will be released on September 11, 2018 |
| Endpoint client and client software | | |
| Cisco Prime Service Catalog * | CSCvm13989 | |
| Network and content security devices | | |
| Cisco Identity Services Engine (ISE) | CSCvm14030 | The patch file was released on August 31, 2018. |
| Voice and unified communications equipment | | |
| Cisco Emergency Responder * | CSCvm14044 | |
| Cisco Finesse * | CSCvk78905 | The patch will be released on September 7, 2018. |
| Cisco Hosted Collaboration Solution for Contact Center * | CSCvm14052 | |
| Cisco MediaSense * | CSCvk78906 | |
| Cisco Unified Communications Manager * | CSCvm14042 | |
| Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) * | CSCvm14049 | |
| Cisco Unified Contact Center Enterprise * | CSCvm13986 | |
| Cisco Unified Contact Center Enterprise – Live Data server * | CSCvk78902 | The patch will be released on September 7, 2018. |
| Cisco Unified Contact Center Express * | CSCvm21744 | |
| Cisco Unified Intelligence Center * | CSCvm13984 | |
| Cisco Unified Intelligent Contact Management Enterprise * | CSCvm13986 | |
| Cisco Unified SIP Proxy Software * | CSCvm13980 | |
| Cisco Unified Survivable Remote Site Telephony Manager * | CSCvm13979 | |
| Cisco Unity Connection * | CSCvm14043 | |
| Cisco Virtualized Voice Browser * | CSCvm14056 | |
| Video, streaming, telepresence and transcoding devices | | |
| Cisco Video Distribution Suite for Internet Streaming (VDS-IS) * | CSCvm14027 | 2.3.35 (September 15, 2018) |
| Cisco Cloud Hosting Service | | |
| Cisco Network Performance Analysis | CSCvm14040 | |
Solution:
Fixes for affected Cisco products or services will be recorded in the Cisco bug for each specific product or service; see the “Cisco bug ID” column in the table above for access.
CVE-2018-0435 (Critical)
A vulnerability exists in the Cisco Umbrella API that could allow an authenticated remote attacker to view and modify data in their organisation and other organisations.
This vulnerability is caused by insufficient authentication configuration for the Cisco Umbrella API interface. Successful exploitation of this vulnerability could allow an attacker to read or modify data across multiple organisations.
CVSS 3.0 Rating:
Base 9.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:X/RL:X/RC:X
Affected products:
This vulnerability affects the Cisco Umbrella service.
Solution:
Cisco has fixed the vulnerability in the Cisco Umbrella production API. No user action is required to apply the patch.
CVE-2018-0423 (Critical)
A vulnerability in the Web Management Interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multi-Function VPN Router, and Cisco RV215W Wireless-N VPN Router may allow an unauthenticated remote attacker to cause a denial of service condition or execute arbitrary code.
The vulnerability is caused by improper boundary restrictions on user-supplied input in the Guest user function of the Web Management Interface. An attacker could exploit this vulnerability by sending a malicious request to the target device, triggering a buffer overflow. Successful exploitation could cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.
CVSS 3.0 Rating:
Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Affected products:
This vulnerability affects all versions of the following Cisco products:
- RV110W Wireless-N VPN Firewall
- RV130W Wireless-N Multifunction VPN Router
- RV215W Wireless-N VPN Router
The device is vulnerable to attacks only when the Guest user of the Web Management Interface is enabled. The web management interface for these devices is available through a local LAN connection or remote management capabilities.
By default, remote management is disabled for affected devices. To determine if the remote management feature is enabled, open the device’s web management interface via a local LAN connection and select Basic Settings > Remote Management. If the Enable check box is selected, remote management is enabled for the device.
Guest users are also disabled by default. To determine if a Guest user is enabled, open the device’s web administration interface and select Manage > Users. In Account Activation, verify that the Guest user is inactive.
Solution:
For the Cisco RV130W Wireless-N Multi-Function VPN Router, Cisco has released a free firmware update, which customers can download through the Software Center on Cisco.com, as described below.
For the Cisco RV110W Wireless-N VPN Firewall and the Cisco RV215W Wireless-N VPN Router, Cisco has not released and will not release firmware updates to address the vulnerability.