Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug

Cisco fixed two high severity vulnerabilities in two products this week that could have let an attacker trigger a denial of service condition or bypass local authentication.

Cisco fixed 15 vulnerabilities this week in more than a dozen products, including two high severity vulnerabilities that could have let an attacker trigger a denial of service condition or bypass local authentication.

The more severe bugs fixed on Wednesday exist in the company’s Identity Services Engine and its Videoscape Distribution Suite. The bypass, which exists in ISE, a network administration product, stems from the improper handling of authentication requests and policy assignment. If an attacker wanted to exploit the vulnerability they could authenticate with a valid external user account that matches an internal username and incorrectly receive the authorization policy of the internal account. If successful the exploit would grant the attacker Super Admin privileges for the engine’s admin portal, Cisco said.

The denial of service vulnerability, which affects VDS, a virtual video infrastructure solution, is tied to the fact that too much stress can be put on the system. In some situations, excessive mapped connections can exhaust allotted resources. If an attacker sent a large amount of traffic to the device, they could easily overload the resources, something that could cause the device to reload, Cisco said in a security advisory Wednesday.

The company fixed a handful of other low lying issues on Wednesday, including four cross-site scripting vulnerabilities, a cross-site request forgery vulnerability, two SQL vulnerabilities, and a directory traversal vulnerability.

Cisco also warned on Thursday that several of its products are vulnerable to a bug involving Open Shortest Path First (OSPF), a routing protocol for IP networks.

Based on Cisco’s description of the bug, it sounds as if several conditions would need to be in place, something that would make the vulnerability difficult to exploit.

“To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router,” Cisco warned. “This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability.”

The company pushed patches for affected products, including devices running IOS or IOS XE that are configured for OSPF, devices running NX-OS and configured for OSPF, and devices running Adaptive Security Appliance (ASA) software configured for OSPF, on Thursday.

The company says devices that don’t have OSPF enabled aren’t affected, nor are the following Cisco products:

  • Cisco IOS XR Software
  • Cisco StarOS Software
  • Cisco Connected Grid Routers
  • Cisco Nexus 1000v Series

If exploited Cisco warns the OSPF vulnerability could let an unauthenticated remote attacker take control of a OSPF domain routing table by injecting crafted OSPF packets. If successful, an exploit could in turn let an attacker intercept or blackhole traffic.

According to NIST’s National Vulnerability Database the vulnerability (CVE-2017-1460) also affects versions 6.1, 7.1, 7.2, and 7.3 of IBM’s i OSPF platform.

IBM fixed the vulnerability, which it claims could be exploited when a rogue router spoofs its origin, last week. A program temporary fix (PTF) for all versions is obtainable via IBM’s FixCentral portal.

Suggested articles