A new set of patches for Cisco products covers three dozens of vulnerabilities, including 13 very dangerous ones. The vast majority of bug fixes were found in various components of the iOS and IOS XE operating systems.
The most serious vulnerability (CVE-2019-12648) was rated 9.9 on the CVSS scale. Apparently, it was introduced when creating the application environment for IOS – IOx, which facilitates the collection and processing of data in IoT networks of industrial enterprises.According to Cisco Bulletin, the problem arose due to improper organization of access control for Linux guest OS on iOS devices. As a result, all users with a minimum set of rights have the opportunity to increase their privileges in the guest OS to root.
“The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user”, — report Cisco specialists.
The vulnerability affects Cisco industrial routers 800 and 1000 series, which run guest OSs.
The remaining high-risk bugs received less than nine points in CVSS; almost all of them face a denial of service.
Read also: VMware has patched six vulnerabilities in its products
Such, for example, is the CVE-2019-1901 buffer overflow error (8.8 points) in the software of Cisco Nexus 9000 series switches operating in the program-oriented infrastructure mode. The vulnerability allows using a special LLDP package filed directly to the device interface to cause a failure or execute any code with root privileges.
“A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges.This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface”, — inform Cisco employees.
Other DoS problems in iOS and IOS XE are rated at 8.6 points on the CVSS scale.