Pierluigi Paganini November 04, 2016

Cisco issued patches for two critical vulnerabilities affecting several products, including Cisco 900 Series Routers and Cisco Prime Home servers.

Cisco has issued patches for two critical vulnerabilities affecting several products, including Cisco 900 Series Routers and Cisco Prime Home server and cloud-based network management platform.

The company published two security advisories to report the issues to his customers. One of the security advisories warns service providers running Cisco ASR 900 Series routers of a flaw, tracked as CVE-2016-6441, in the Transaction Language 1 (TL1) code of the router. This flaw could be exploited remotely by an unauthenticated attacker to execute arbitrary code or force the reload of the affected equipment.

“A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system.” reads the advisory.

“The vulnerability exists because the affected software performs incomplete bounds checks on input data. An attacker could exploit this vulnerability by sending a malicious request to the TL1 port, which could cause the device to reload. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system.”

The company has made available the updates to fix the flaw and also workarounds to temporarily address the vulnerability.

The second flaw is a critical authentication bypass vulnerability, tracked as CVE-2016-6452, that resides in the web-based graphical user interface of Cisco Prime Home. The flaw could be exploited by a remote attacker to bypass authentication.

The flaw could be exploited by sending a crafted HTTP request to a specific URL that allow the attacker to obtain a valid session identifier for an arbitrary user.

“A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.” reads the advisory published by Cisco. 
“The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized—including users with administrator privileges.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cisco 900 series routers, hacking)