Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution

Description:

Multiple vulnerabilities have been discovered in Cisco products, including Apache Struts running on Cisco products, Cisco SD-WAN Solution, Cisco Integrated Management Controller, Cisco Umbrella API, Cisco RV110W, RV130W, and RV215W Routers, Cisco Webex Meetings Suite (WBS31), Cisco Webex Meetings Suite (WBS32), Cisco Webex Meetings Suite (WBS33), Cisco Webex Meetings, Cisco Webex Meetings Server, Cisco Meeting Server, Cisco Umbrella ERC, Cisco Prime Access Registrar, Cisco Prime Access Registrar Jumpstart, Cisco Prime Collaboration Assurance, Cisco Packaged Contact Center Enterprise, Cisco Data Center Network Manager, Cisco Tetration Analytics, Cisco Network Services Orchestrator, Cisco Enterprise NFV Infrastructure, Cisco Email Security Appliance, Cisco Cloud Services Platform 2100, and Cisco Secure Access Control Server.

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Security Issues Fixed:

Details of these vulnerabilities are as follows:

  • A vulnerability in Apache Struts could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system. (CVE-2018-11776)
  • A vulnerability in the Cisco Umbrella API could allow an authenticated remote attacker to view and modify data across their organization and other organizations. (CVE-2018-0435)
  • A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated remote attacker to cause a denial of service condition or to execute arbitrary code. (CVE-2018-0423)
  • A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. (CVE-2018-0422)
  • A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated remote attacker to view and modify data for an organization other than their own organization. (CVE-2018-0436)
  • A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. (CVE-2018-0437, CVE-2018-0438)
  • A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. (CVE-2018-0434)
  • A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated local attacker to inject arbitrary commands that are executed with root privileges. (CVE-2018-0433)
  • A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated remote attacker to gain elevated privileges on an affected device. (CVE-2018-0432)
  • A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated remote attacker to gain access to sensitive information. (CVE-2018-0426)
  • A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated remote attacker to execute arbitrary commands. (CVE-2018-0424)
  • A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated remote attacker to gain access to sensitive information. (CVE-2018-0425)
  • A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. (CVE-2018-0421)
  • A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated remote attacker to inject and execute arbitrary commands with root privileges on an affected device. (CVE-2018-0430, CVE-2018-0431)
  • A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. (CVE-2018-0440)
  • A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. (CVE-2018-0457)
  • A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. (CVE-2018-0452)
  • A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. (CVE-2018-0451)
  • Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface or conduct a cross-site request forgery (CSRF) attack. (CVE-2018-0444, CVE-2018-0445)
  • A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. (CVE-2018-0458)
  • A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. (CVE-2018-0463)
  • A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated remote attacker to read any file on an affected system. (CVE-2018-0460)
  • A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated remote attacker to perform a denial of service (DoS) attack against an affected system. (CVE-2018-0462)
  • A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated remote attacker to cause an affected system to reboot or shut down. (CVE-2018-0459)
  • A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. (CVE-2018-0439)
  • A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to bypass certain content filters on an affected device. (CVE-2018-0447)
  • A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. (CVE-2018-0450)
  • A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated remote attacker to perform command injection. (CVE-2018-0454)
  • A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated remote attacker to gain read access to certain information in an affected system. (CVE-2018-0414)

Affected Products and Solution:

  • Apache Struts running on the following products: Cisco SocialMiner, Cisco Prime Service Catalog, Cisco Identity Services Engine (ISE), Cisco Emergency Responder, Cisco Finesse, Cisco Hosted Collaboration Solution for Contact Center, Cisco MediaSense, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service (formerly CUPS), Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Enterprise – Live Data server, Cisco Unified Contact Center Express, Cisco Unified Intelligence Center, Cisco Unified Intelligent Contact Management Enterprise, Cisco Unified SIP Proxy Software, Cisco Unified Survivable Remote Site Telephony Manager, Cisco Unity Connection, Cisco Virtualized Voice Browser, Cisco Video Distribution Suite for Internet Streaming (VDS-IS)
  • Cisco SD-WAN Solution running on the following products: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vManage Network Management System, vEdge Cloud Router Platform, vSmart Controller Software, vBond Orchestrator Software
  • Cisco Integrated Management Controller running on the following products: Cisco UCS C-Series, Cisco UCS E-Series, 5000 Series Enterprise Network Compute System (ENCS)
  • Cisco Umbrella API
  • Cisco RV110W, RV130W, and RV215W Routers
  • Cisco Webex Meetings
  • Cisco Webex Meetings Suite (WBS31, WBS32, WBS33)
  • Cisco Webex Meetings Server
  • Cisco Meeting Server
  • Cisco Umbrella ERC
  • Cisco Prime Access Registrar
  • Cisco Prime Access Registrar Jumpstart
  • Cisco Prime Collaboration Assurance
  • Cisco Packaged Contact Center Enterprise
  • Cisco Data Center Network Manager
  • Cisco Tetration Analytics
  • Cisco Network Services Orchestrator
  • Cisco Enterprise NFV Infrastructure
  • Cisco Email Security Appliance
  • Cisco Cloud Services Platform 2100
  • Cisco Secure Access Control Server

References:

Cisco:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-pe

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-file-read

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cimc-injection

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-player-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-tetration-xss

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-tetration-vulns

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pca-xss

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-infodis

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-meeting-csrf

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-esa-url-bypass

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-dcnm-xss

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-csp2100-injection

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe
