Cisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service.
The Cisco Industrial Network Director (IND), a network monitoring and management server for operational technology (OT) networks, received patches for two vulnerabilities rated critical and medium respectively. These were fixed in version 1.11.3 of the software.
The critical flaw, CVE-2023-20036, is in the web-based user interface of Cisco IND and could allow authenticated remote attackers to execute arbitrary commands on the underlying Windows operating system with administrative privileges (NT AUTHORITY\SYSTEM). The vulnerability is the result of insufficient input validation in the functionality that allows users to upload Device Packs.
The medium-risk flaw fixed in Cisco IND, CVE-2023-20039, is the result of insufficiently strong file permissions by default on the application data directory. A successful exploit could allow an authenticated attacker to access sensitive information and files from this directory.
Cisco Modeling Labs flaw could allow unauthorized remote access
Cisco Modeling Labs, an on-premises network simulation tool, has a critical vulnerability (CVE-2023-20154) that results from the processing of certain messages from an external LDAP authentication server, which could allow an unauthenticated remote attacker to gain access to the tool’s web interface with administrative privileges. This would give them access to view and modify all simulations and user-created data.
The flaw impacts Modeling Labs for Education, Modeling Labs Enterprise and Modeling Labs – Not For Resale, but not Modeling Labs Personal and Personal Plus. It can only be exploited if the external LDAP server is configured in a way that it responds to search queries with a non-empty array of matching entries. The configuration of the LDAP server can be changed by an administrator to mitigate this flaw as a temporary workaround, but customers are advised to upgrade Modeling Labs to version 2.5.1 to fix the vulnerability.
Privilege escalation possible with Cisco StarOS flaw
The Cisco StarOS Software, which is used on ASR 5000 Series Routers but also on the Virtualized Packet Core – Distributed Instance (VPC-DI) and Virtualized Packet Core – Single Instance (VPC-SI) solutions, has a high-risk vulnerability (CVE-2023-20046) in its implementation of key-based SSH authentication.
In particular, if an attacker sends an authentication request over SSH from an IP address configured as the source for a high-privileged account, but instead provides the SSH key for a low-privileged account, the system will authenticate them as the high-privileged account even though they did not provide the correct SSH key. This results in privilege escalation and is the result of insufficient validation of the supplied credentials.
As a workaround, administrators can configure all user accounts that are approved for SSH key-based authentication to use different IP addresses. However, Cisco recommends upgrading to a fixed version of the software.
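One way to audit for the workaround above, as an added example that is not from Cisco or the original article: it flags accounts whose permitted SSH source addresses overlap, listing pairs that cross privilege levels first. The inventory format, account names and addresses are constructed for illustration and are not StarOS configuration syntax; accepting CIDR blocks as well as single addresses is an assumption that generalizes the check.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: (account, privilege level, permitted SSH source).
# The tuple layout is an assumption for this example, not StarOS syntax.
SAMPLE_ACCOUNTS = [
    ("netadmin", "high", "192.0.2.10"),
    ("monitor", "low", "192.0.2.10"),      # same address as netadmin
    ("backup", "low", "192.0.2.32/28"),    # block that contains secadmin's address
    ("secadmin", "high", "192.0.2.40"),
    ("auditor", "low", "2001:db8::5"),
    ("operator", "low", "198.51.100.7"),
    ("helpdesk", "low", "198.51.100.7"),   # shared, but same privilege level
]


def parse_source(text):
    """Parse a single address or a CIDR block into an ip_network object."""
    return ipaddress.ip_network(text, strict=False)


def find_shared_sources(accounts):
    """Return (account_a, account_b, crosses_privilege) for every pair of
    accounts whose permitted source addresses overlap.

    crosses_privilege is True when the two accounts differ in privilege
    level, which is the situation the workaround is meant to remove.
    """
    parsed = [(name, priv, parse_source(src)) for name, priv, src in accounts]
    findings = []
    for (a, priv_a, net_a), (b, priv_b, net_b) in combinations(parsed, 2):
        # Networks from different address families can never overlap.
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            findings.append((a, b, priv_a != priv_b))
    # Privilege-crossing overlaps first, then alphabetical by account name.
    return sorted(findings, key=lambda f: (not f[2], f[0], f[1]))


if __name__ == "__main__":
    for a, b, crosses in find_shared_sources(SAMPLE_ACCOUNTS):
        label = "CROSSES PRIVILEGE" if crosses else "same privilege"
        print(f"{a} and {b} share a permitted SSH source ({label})")
```
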
Cisco BroadWorks vulnerability could lead to denial of service
The Cisco BroadWorks Network Server received a patch for a high-risk vulnerability (CVE-2023-20125) in its TCP implementation that could lead to a denial-of-service condition. The flaw results from a lack of rate limiting for incoming TCP connections, allowing unauthenticated remote attackers to send a high volume of TCP connections to the server and exhaust its system resources. Customers are advised to deploy the AP.ns.23..1075.ap385072.Linux-x86_64.zip or RI.2023.02 patches.
Cisco also patched several medium-risk flaws this week in its TelePresence Collaboration Endpoint and RoomOS, Cisco SD-WAN vManage Software and the Cisco Packet Data Network Gateway. These can result in arbitrary file write, arbitrary file deletion and IPsec ICMP denial of service.