Pierluigi Paganini January 24, 2019

Cisco released security updates for several products, including SD-WAN, Webex, Firepower, IoT Field Network Director, Identity Services Engine, and Small Business routers.

Cisco released security updates to address security flaws in several products including SD-WAN, Webex, Firepower, IoT Field Network Director, Identity Services Engine, and Small Business routers.

One of the flaws tracked as CVE-2019-1651 has been rated with “critical” severity, it resides in the vContainer component in Cisco SD-WAN solution. The vulnerability could be exploited by a remote, authenticated attacker to cause a DoS condition and in some conditions to execute arbitrary code with root privileges. The attacker can exploit the flaw by sending a specially crafted file that triggers a buffer overflow.

“A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user.” reads the security advisory.

“The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user.”

Cisco also addressed other “high severity” issues in the SD-WAN product that includes flaws that can be exploited to bypass authentication, overwrite arbitrary files, and escalate privileges. In most cases, exploitation requires the attacker to authenticate to the targeted system.

The tech giant addressed two serious issues in Cisco’s Small Business RV320 and RV325 routers. The first one could be exploited by a remote and unauthenticated attacker with admin privileges. to obtain sensitive information, while the second one can be exploited for command injection.

Cisco also fixed multiple “high severity” vulnerabilities in Webex products, including a command execution issue in the Webex Teams client, and five code execution flaws in the Windows versions of Webex Network Recording Player and Webex Player.

The flaws were reported by experts at RedTeam Pentesting firm,

Another vulnerability addressed by Cisco is a DoS issue in the Firepower firewall, it could be exploited by a remote, unauthenticated attacker. Cisco also addressed another in the Cisco IoT Field Network Director product.

The firm also addressed a privilege escalation issue affecting the Identity Services Engine that can be exploited by an attacker to obtain “super admin” permissions.

At the time, Cisco was not aware of any attack in the wild exploiting one of the flaws addressed by the security updates.

Pierluigi Paganini

(SecurityAffairs – Cisco, SD-WAN )

[adrotate banner=”5″] [adrotate banner=”13″]