Cisco Systems released a barrage of patches Thursday aimed at fixing bugs in the networking giant’s ubiquitous IOS operating system. The patches plug holes in a wide range of products and address denial-of-service, file overwrite and input validation attacks. The advisory was planned and is part of Cisco’s IOS and IOS XE Software Security Advisory Bundled Publication.
Twenty-nine of the Cisco bugs are rated high severity, with 13 rated medium in severity. The most noteworthy are a number of vulnerabilities opening the door for remote, unauthenticated attackers to execute arbitrary code on targeted systems.
Two CVEs, tracked as CVE-2020-3421 and CVE-2020-3480, are both tied to a flaw in Cisco’s Zone-Based Firewall. “Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall,” Cisco wrote.
The bulletin also included several other vulnerabilities open to attack by remote unauthenticated and authenticated users. A web UI authorization bypass vulnerability, according to Cisco, “could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.” Similarly, a split Domain Name System DoS bug is also exploitable by a remote unauthenticated attacker.
“A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition,” wrote Cisco. “An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.”
Local and Adjacent Attacks
Bugs open to exploit by local and adjacent authenticated users also peppered the list of CVEs. For example, one flaw tracked as CVE-2020-3417 impacts any Cisco hardware running Cisco IOS XE software and allows an authenticated, local attacker to execute arbitrary code on targeted hardware. “This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set,” according to Cisco.
“An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device,” the bulletin added of CVE-2020-3417.
Vulnerabilities ripe for DoS attacks dominated Cisco’s list of potential exploits. Products named in the security bulletin include various SKUs of its Catalyst Embedded Wireless Controller (CVE-2020-3418), cBR-8 Converged Broadband Routers (CVE-2020-3509) and Cisco Aironet Access Point (CVE-2020-3559).