Cisco Systems released fixes for 15 vulnerabilities in three of its major product lines on Wednesday, including two different security appliances. The vulnerabilities would either allow an attacker to remotely execute code on a compromised machine, or execute a denial-of-service attack. Cisco said it is not aware of public exploits for any of the vulnerabilities.
Cisco’s ASA 550 Series Adaptive Security Appliances and the Cisco Catalyst 6500 Series ASA Services Module, network security appliances and tools that handle firewall, remote access, intrusion prevention and traffic inspection duties were susceptible to five DoS vulnerabilities, including DHCP memory allocation, SSL VPN authentication, SIP inspection media update, and two DCERPC inspection flaws. A DCERPC inspection buffer overflow vulnerability was also repaired.
“Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the affected device. Exploitation of the DCERPC Inspection Buffer Overflow Vulnerability could additionally cause a stack overflow and possibly the execution of arbitrary commands,” Cisco said in an alert.
Cisco cautioned that Cisco PIX security appliances could also be vulnerable; these appliances are no longer supported by the networking vendor, which suggests an upgrade to the latest ASA 5500 appliances.
Cisco also warned of DCERPC inspection buffer overflow and DoS vulnerabilities in Cisco Firewall Services Module for Cisco Catalyst 6500 Series Switches, and Cisco 7600 Series Routers. Cisco FWSM provides deep-packet inspection and stateful packet filtering. An attack exploiting either of these unrelated flaws could either crash the networking gear, or allow an attacker to execute arbitrary commands. The module for the switches and routers is vulnerable only when DCERPC is enabled; the protocol, which is used by Microsoft distributed client and server apps for remote administration, is not enabled by default.
Cisco said either vulnerability can only be triggered by IPv4 or IPv6 traffic and only transit traffic can be used to exploit the flaw. One workaround, Cisco suggested, is to disable DCERPC inspection.
The company also reported six buffer overflow vulnerabilities in the Cisco WebEx Recording Format (WRF) Player. Attackers could remotely exploit the player to gain user privileges on compromised machines. WRF Player is used to play back previous WebEx recordings and can be automatically installed when a user accesses a recording file hosted on a WebEx meeting site, Cisco said in its advisory.
Windows, Mac OS X and Linux versions are vulnerable. T28 client builds prior to T28.4 and T27 prior to 27.32.10 are vulnerable to exploit. Four buffer overflow, a memory corruption flaw and a heap overflow vulnerability were repaired, Cisco said. Exploits could cause the player to crash or enable remote code execution should the player open a malicious WRF file. Attackers would need to send the victim to a malicious website or send the file via email.