Cisco recently released numerous patches for over 20 vulnerabilities as part of its semiannual “Cisco IOS and IOS XE Software Security Advisory Bundled Publication” event. According to the press release, most of these vulnerabilities affect Cisco IOS Software and Cisco IOS XE Software and carry a severity rating of “high” with a CVSS Base Score of at least 7.5. Three of the Cisco vulnerabilities, however, were ranked “critical” on the Security Impact Rating and deserve more in-depth coverage.
The first of these Cisco vulnerabilities (CVE-2018-0151) is named the “Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability.” It results from a flaw in the quality of service subsystem that is part of the IOS and IOS XE software. More specifically, the flaw is caused by, according to Cisco, “incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device.” It allows a remote hacker, without any authentication, to cause a denial of service or execute code, which allows for privilege escalation.
Second on the list of critical vulnerabilities is CVE-2018-0171, the “Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability.” Like the previous critical flaw, it allows for a DoS attack by triggering a reload of a device, as well as arbitrary code execution. The main cause of this issue is “improper validation of packet data” that occurs in the Smart Install feature.
The final critical vulnerability is CVE-2018-0150, titled the “Cisco IOS XE Software Static Credential Vulnerability.” The flaw allows a remote attacker to log in to devices running IOS XE with the initial boot’s default username and password. Cisco explains further that “the vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password.”
Because so many of these vulnerabilities give a hacker access at a privileged state, it is imperative that anyone in danger apply these software patches immediately. Give a cybercriminal an inch and they will take a mile.