Multiple Vulnerabilities in Cisco Products

On September 5, Cisco released 30 security advisories covering vulnerabilities of varying severity in its products, including three serious vulnerabilities.

Vulnerability description

CVE-2018-11776

Apache Struts2 Remote Code Execution Vulnerability (CVE-2018-11776) Affects Cisco Products (Critical)

A vulnerability in Apache Struts2 could allow an unauthenticated remote attacker to execute arbitrary code on the target system.

Affected products:

The following table lists the Cisco products affected by this vulnerability, and products or services not listed in the following table should be considered vulnerable. Products marked with an asterisk (*) contain the affected Struts libraries, but because of the way the library is used in the product, they are not susceptible to any exploitation vectors currently known to Cisco.

| Product | Cisco bug ID | Fixed version availability |
|---|---|---|
| Collaboration and social media | | |
| Cisco SocialMiner * | CSCvk78903 | The patch will be released on September 11, 2018 |
| Endpoint client and client software | | |
| Cisco Prime Service Catalog * | CSCvm13989 | |
| Network and content security devices | | |
| Cisco Identity Services Engine (ISE) | CSCvm14030 | The patch file was released on August 31, 2018. |
| Voice and unified communications equipment | | |
| Cisco Emergency Responder * | CSCvm14044 | |
| Cisco Finesse * | CSCvk78905 | The patch will be released on September 7, 2018. |
| Cisco Hosted Collaboration Solution for Contact Center * | CSCvm14052 | |
| Cisco MediaSense * | CSCvk78906 | |
| Cisco Unified Communications Manager * | CSCvm14042 | |
| Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) * | CSCvm14049 | |
| Cisco Unified Contact Center Enterprise * | CSCvm13986 | |
| Cisco Unified Contact Center Enterprise – Live Data server * | CSCvk78902 | The patch will be released on September 7, 2018. |
| Cisco Unified Contact Center Express * | CSCvm21744 | |
| Cisco Unified Intelligence Center * | CSCvm13984 | |
| Cisco Unified Intelligent Contact Management Enterprise * | CSCvm13986 | |
| Cisco Unified SIP Proxy Software * | CSCvm13980 | |
| Cisco Unified Survivable Remote Site Telephony Manager * | CSCvm13979 | |
| Cisco Unity Connection * | CSCvm14043 | |
| Cisco Virtualized Voice Browser * | CSCvm14056 | |
| Video, streaming, telepresence and transcoding devices | | |
| Cisco Video Distribution Suite for Internet Streaming (VDS-IS) * | CSCvm14027 | 2.3.35 (September 15, 2018) |
| Cisco Cloud Hosting Service | | |
| Cisco Network Performance Analysis | CSCvm14040 | |

Solution:

Fixes for affected Cisco products or services are documented in the Cisco bug for each product or service; see the “Cisco bug ID” column in the table above for access.

CVE-2018-0435 (Critical)

A vulnerability exists in the Cisco Umbrella API that could allow an authenticated remote attacker to view and modify data in their organisation and other organisations.

This vulnerability is caused by insufficient authentication configuration for the Cisco Umbrella API interface. Successful exploitation of this vulnerability could allow an attacker to read or modify data across multiple organisations.

CVSS 3.0 Rating:

Base 9.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H/E:X/RL:X/RC:X

Affected products:

This vulnerability affects the Cisco Umbrella service.

Solution:

Cisco has fixed the vulnerability in the Cisco Umbrella production API. No user action is required to apply the patch.

CVE-2018-0423 (Critical)

Vulnerabilities in the Web Management Interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multi-Function VPN Router, and Cisco RV215W Wireless-N VPN Router may allow unauthenticated remote attackers to cause a denial of service condition or execute arbitrary code.

The vulnerability is caused by improper boundary restrictions on user-supplied input in the Guest user function of the Web Management Interface. An attacker could exploit this vulnerability by sending a malicious request to the target device, triggering a buffer overflow. Successful exploitation could cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.

CVSS 3.0 Rating:

Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Affected products:

This vulnerability affects all versions of the following Cisco products:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

The device is vulnerable to attacks only when the Guest user of the Web Management Interface is enabled. The web management interface for these devices is available through a local LAN connection or remote management capabilities.

By default, remote management is disabled for affected devices. To determine if the remote management feature is enabled, open the device’s web management interface via a local LAN connection and select Basic Settings > Remote Management. If the Enable check box is selected, remote management is enabled for the device.

Guest users are also disabled by default. To determine if a Guest user is enabled, open the device’s web administration interface and select Manage > Users. In Account Activation, verify that the Guest user is inactive.

Solution:

For the Cisco RV130W Wireless-N Multi-Function VPN Router, Cisco has released a free firmware update, which customers can download through the Software Center on Cisco.com, as described below.

For the Cisco RV110W Wireless-N VPN Firewall and the Cisco RV215W Wireless-N VPN Router, Cisco has not released and will not release firmware updates to address the vulnerability.