Cisco has issued 31 security advisories this week, but has directed users' attention to "critical" patches for the Cluster Management Protocol code in IOS and IOS XE Software, and for IOS XR on Cisco ASR 9000 Series routers. Some other vulnerabilities also need attention if customers use Cisco wireless LAN controllers.
The first critical patch concerns a vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE that could allow an unauthenticated remote attacker to send malformed CMP-specific Telnet options during a Telnet session with a Cisco device configured to accept such connections. An exploit could allow the attacker to execute arbitrary code and gain full control of the device, or cause the device to restart.
According to the company, the Cluster Management Protocol uses Telnet internally as a signaling and command protocol among cluster members. The vulnerability is due to a combination of two factors:
The failure to restrict the use of CMP-specific Telnet options to internal, local communications between members of the cluster; instead, the device accepts such options over any Telnet connection to it.
Incorrect processing of malformed CMP-specific Telnet options.
Cisco reports that the vulnerability can be exploited during negotiation of the Telnet connection over IPv4 or IPv6. Sending malformed options on Telnet sessions that pass through the device does not trigger the vulnerability.
The company says there are no workarounds for this problem, but disabling Telnet as a permitted protocol for incoming connections would eliminate the exploit vector. Cisco recommends disabling Telnet and replacing it with the SSH protocol. Information on how to do both can be found in the Cisco IOS Device Guide.
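To check a device against this recommendation, the added example below (not Cisco's code and not part of the original article) audits an IOS running-config for vty lines that still accept inbound Telnet. It assumes the standard `line vty` / `transport input` syntax; the sample config and the function name `audit_vty_transport` are constructed for illustration, and a vty block with no explicit `transport input` is flagged for manual review rather than assumed safe.

```python
import re

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-sw1
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

# 'transport input' keywords that leave inbound Telnet enabled.
TELNET_OK = {"telnet", "all"}

def audit_vty_transport(config: str) -> dict:
    """Map each 'line vty' block to 'telnet-allowed', 'ok' or 'review'."""
    results, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"^line\s+(\S+(?:\s+\d+){1,2})\s*$", raw)
        if header:
            name = header.group(1)
            current = name if name.startswith("vty") else None
            if current:
                # No explicit 'transport input' seen yet: needs a manual check.
                results[current] = "review"
            continue
        if not raw.startswith(" "):
            current = None  # an unindented line ends the current line block
            continue
        m = re.match(r"^\s+transport input\s+(.+)$", raw)
        if current and m:
            protos = set(m.group(1).split())
            results[current] = "telnet-allowed" if protos & TELNET_OK else "ok"
    return results

if __name__ == "__main__":
    for line, status in audit_vty_transport(SAMPLE_CONFIG).items():
        print(f"line {line}: {status}")
```

Any block reported as `telnet-allowed` is a candidate for `transport input ssh`, once SSH access to the device has been confirmed to work.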
The second critical patch concerns a vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series routers running Cisco IOS XR 64-bit software. The vulnerability could allow a remote attacker to access internal applications running on the sysadmin VM.
The company said the vulnerability is due to poor isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the internal applications. A successful attack could lead to unstable conditions, including both DoS and remote unauthorized access to the device.
Finally, Cisco wrote that multiple vulnerabilities in the GUI configuration feature of the Cisco Wireless LAN Controller (WLC) could allow an authenticated remote attacker to force the device to reboot unexpectedly during device configuration while the administrator is using the GUI. The attacker would need valid administrator credentials on the device to carry out this exploit, Cisco said.
"These vulnerabilities are due to incomplete input validation for inappropriate configuration settings that the attacker can submit when accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by certifying the device and submitting information from users when they used the GUI's functional GUI configuration," said Cisco, and added, "These vulnerabilities have been identified as 'high risk' because they could be exploited when security updates are not installed."
The company released software updates that address these vulnerabilities and said there is no other fix for the issue.