Cisco issued four, moderate-severity security notices over the weekend, informing users of vulnerabilities in the company’s Adaptive Security Appliance and IOS XR software, its unified computing system, and wireless LAN controllers.
Cisco warned of a vulnerability (CVE-2013-3470), affecting the networking giant’s widely-deployed IOS XR carrier routing software. The bug exists in that software’s routing information protocol processes, and an unauthenticated, remote attacker could exploit it in order to crash the RIP process. The vulnerability arises from insufficient packet input validations and an attacker can exploit it by sending a specially crafted version of this packet, causing the process to crash on vulnerable devices.
The company also issued an advisory warning users that an integral part of its unified computing system (UCS), a piece of software widely deployed on data center servers, contains a memory leak vulnerability (CVE-2013-3467). The flaw lives in the company’s 6100 Series Fabric Interconnects, and an authenticated, local attacker could exploit it to trigger a memory leak. The advisory warns that the vulnerability is exploitable if an attacker executes either the “show monitor session all” or the “show monitor session” command-line interface. The attack would need to be performed locally on an affected device but could cause that device to exhaust its memory and reset.
Cisco also warned users that an unauthenticated, remote attacker could exploit a vulnerability (CVE-2013-3463) in its Adaptive Security Appliance (ASA) software, potentially causing a denial of service condition on affected systems. The attacker could fill in the ASA’s connection table with fake information and prevent new connections from passing through the device. The vulnerability arises from the ASA’s refusal to honor the idle timeout for certain protocol inspected elements.
Cisco’s final advisory warned users that a vulnerability (CVE-2013-3474) in the Web administrator interface of Cisco’s wireless LAN controllers (WLC) could allow an authenticated, remote attacker to cause a denial of service condition. The bug is caused by the software’s failure to properly validate certain parameters ahead of processing on affected devices. To exploit it, an attacker would need to be authenticated to the level of full manager, read only, or lobby ambassador but could then submit a malformed-value-containing request targeting specific parameters to vulnerable devices, causing a denial of service condition during the system reboot process.
It appears that Cisco has built fixes for these bugs, but will not ship the fixes to their customers.
“The Cisco Product Security Incident Response Team (PSIRT) publishes Cisco Security Notices to inform customers of low- to mid-level severity security issues involving Cisco products,” the company says in its notices. “Customers who wish to upgrade to a software version that includes fixes for these issues should contact their normal support channels. Free software updates will not be provided for issues that are disclosed through a Cisco Security Notice.