cyberattackstockimage100607242orig

Cisco drops critical security warning on VPN router, 3 high priority caveats

Cisco today warned user of a critical vulnerability in its CVR100W Wireless-N VPN router execute that could let an attacker issues arbitrary code or cause a denial of service situation.

The company also issues three “High” level impact warnings advisories on its IOS XR Software, Teleprescence and Aironet wireless access point products.

On the Critical warning, Cisco said a vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could let an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service (DoS).

+More on Network World: Cisco fires back at VMware decision to whack third party virtual switches+

“The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22,” Cisco wrote.

The high impact advisories include:

  • A vulnerability in the Event Management Service daemon of Cisco IOS XR routers, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover.
  • A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1.
  • A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first-time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device.  Cisco wrote that it has confirmed that the only vulnerable software version for this advisory is 8.3.102.0 on the following products running either the Lightweight AP Software or Mobility Express images: Cisco Aironet 1800 Series Access Points; Aironet 2800 Series Access Points; Aironet 3800 Series Access Points.

Cisco said it has released software updates that address all the vulnerabilities.

+More on Network World: Cisco grabs-up SD-WAN player Viptela for $610M+

The company also released 6 medium impact security advisories around its FirePower series, Wide Area Application Services SMART-SSL Accelerator; Cisco Finesse for Cisco Unified Contact Center; CVR100W Wireless-N VPN Router; Cisco Unity Connection ImageID; and continued warnings of multiple vulnerabilities in OpenSSL.

IDG Insider

PREVIOUS ARTICLE

« How to size up a new cloud service like low-priced Wasabi

NEXT ARTICLE

Jelly makes me long for an Android phone small enough to get lost in my pocket »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?