UPDATE Cisco is warning users this week that several of its products — routers, gateways, and data center platforms — suffer from vulnerabilities, including one critical one.
Cisco warned about the most pressing issue, a critical vulnerability in its Prime Collaboration Assurance software, shortly after noon Wednesday. The problem stems from the fact that there’s an undocumented account in the software which has a default and static password that cannot be changed or deleted, Cisco claims. An attacker could use this account to log into the system shell. From there they could access the system, including sensitive data – like password and system logs, modify data, and even run executables.
Cisco has released an update for the issue but also insists users can login to the system, change that default password as a workaround.
Cisco also warned of a vulnerability marked ‘High’ on Wednesday. This issue lies in a Java deserialization by Apache Commons Collections, and was initially dug up last month by researchers at Foxglove Security. Apache Commons Collections is a library used in some of its products, but it’s unclear exactly how many of those products are affected. According to Cisco’s advisory, the company’s security team is in the middle of investigating nearly 100 different builds of software. Cisco does plan on releasing updates for the vulnerability as the bug could let a remote attacker execute arbitrary code.
The company published five additional advisories across Monday and Tuesday warning of other issues — all which are being marked “medium” severity.
While they all sound pressing, the most concerning vulnerability of the batch, at least as far as CVSS scores go, is an access vulnerability (6.5) in the web interface of its Prime Service Catalog. A catalog is a cloud computing service request catalog of sorts that the company produces for data centers. Some webpages that correspond to the catalog are missing access controls, meaning that if an attacker knew the URLs of the site, he could enter them into a browser, access the pages directly, and submit a configuration change to the targeted system.
Two different wireless residential gateways the company makes are vulnerable to bugs as well.
One Gateway, EPC3928 suffers from what the Cisco calls “insufficient input validation of user-supplied value and a lack of encoding of user-supplied data,” something that opens it up to cross-site scripting (XSS) attacks. The Gateway also lacks a level of authentication that’s required to carry out some administrative functions. This means that an attacker could send a rigged HTTP request to the Gateway that could allow him to execute some admin functions without authentication.
An issue in another Gateway, DPQ3925, could lead to a cross-site request forgery (CSRF) attack, the company claims. If an attacker convinced a user to follow a malicious link, they could potentially submit arbitrary requests to the device via the web browser with the privileges of that user.
Lastly, a vulnerability in the web interface of a router Cisco manufactures, DPC3939.Improper user input validation in the router could allow an attacker to exploit the bug and execute arbitrary commands on the system.
Cisco is warning customers there are no updates or workarounds for any of the vulnerabilities but also adds that it’s not aware of anyone leveraging the vulnerabilities to carry out malicious attacks on systems.