CISCO warns customers of high-severity flaws in modems and gateways

Cisco released a series of software updates to patch several high severity flaws in its cable modems, residential gateways and security appliances.

Cisco just patched critical vulnerabilities in its cable modems, residential gateways and security appliances.

The security updates released this week fix serious flaws in Cisco residential reported by Kyle Lovett, and Chris Watts from Tech Analysis firm.

Kyle Lovett has found an information disclosure vulnerability (CVE-2016-1325) that allows a remote unauthenticated attacker to access sensitive data on vulnerable CISCO devices (Cisco DPC3941 Wireless Residential Gateway with Digital Voice and the DPC3939B Wireless Residential Voice Gateway).

“A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device. ” states the CISCO advisory. “The vulnerability is caused by improper access restrictions implemented on the affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.”

Chris Watts discovered another a denial-of-service (DoS) flaw (CVE-2016-1326) affecting the Cisco DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway that could be exploited by a remote unauthenticated attacker to cause the device to become unresponsive.

“A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition.” states the Cadvisory.

Watts also discovered a second remote code execution vulnerability (CVE-2016-1327) in Cable Modem with Digital Voice models DPC2203 and EPC2203 that can be exploited by a remote attacker to trigger a buffer overflow and run execute arbitrary code by sending a specially crafted HTTP request to vulnerable devices.

“A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.” states the CAdvisory.

“The vulnerability is due to improper input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.”

CISCO warned its customers also about a DoS vulnerability (CVE-2016-1312) affecting the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM). The flaw affects the way the devices handle HTTPS packets, allows a remote unauthenticated attacker to reload affected devices by flooding it with HTTPS packets.

“A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. ” reports the advisory.

“The vulnerability is due to improper handling of HTTPS packets transiting through the affected system. An attacker could exploit this vulnerability by sending HTTPS packets through the affected system at high rate. “

If you or your organization uses one of the vulnerable devices affected by the vulnerabilities apply the security updates.

Pierluigi Paganini

(Security Affairs – cyber security, hacking)