Attackers can slip through the AiroNET!


CISCO security updates


Cisco released 29 updates to address vulnerabilities in its products. One critical vulnerability was addressed in this set of updates; it requires no authentication for exploitation and is remotely exploitable. Using a vulnerability scanning tool, we can track these vulnerabilities. Six vulnerabilities are rated high in severity, of which two are related to Cisco Aironet. The other products affected by important vulnerabilities are Cisco Firepower Management Center, Cisco Wireless LAN Controller, Cisco SPA100 Series Analog Telephone Adapters, and Cisco Small Business Smart and Managed Switches.


In the limelight: Cisco Aironet

One critical and two high severity flaws were addressed in Cisco Aironet Access Points. Cisco Aironet is a series of wireless access points that cater to a variety of enterprises ranging from midsize environments to large enterprise deployments including indoor warehouse or manufacturing and outdoor environments. Auto patching can help patch these vulnerabilities.

According to the advisory, CVE-2019-15260 is classified as an Unauthorized Access Vulnerability that could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. Cisco explains that the flaw exists due to insufficient access control for certain URLs on an affected device. An attacker can request specific URLs from an affected access point to exploit the vulnerability, which gives them access to the device with elevated privileges. This allows the attacker to view sensitive information and modify its contents. In some cases it is also possible to modify the wireless network configuration. It can also cause a denial of service condition by disabling the access point.

The high severity bugs in Cisco Aironet are CVE-2019-15261 and CVE-2019-15264. Cisco explains that these vulnerabilities are due to “improper resource management during CAPWAP message processing” and “insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected Access Point” respectively. Both CVE-2019-15261 and CVE-2019-15264 lead to denial of service in the access points.


Affected products

[table id=10 /]


Impact

Successful exploitation of

  • CVE-2019-15260 allows a remote unauthenticated attacker to gain unauthorized access to a targeted device with elevated privileges.
  • CVE-2019-15264 allows an attacker to restart the device, leading to a denial of service condition for clients associated with the Access Point.
  • CVE-2019-15261 allows an attacker to crash an internal process of the targeted Access Point (AP), which leads to reloading of the AP. This causes a denial of service condition for clients associated with the AP.

Solution

Cisco has released a fix for these vulnerabilities and advises customers to install the appropriate update corresponding to the existing version of software (refer to the ‘Fixed Releases’ section of the advisory corresponding to the CVE). It is recommended to apply the updates from the following advisories to ensure complete protection.


Though there have been no instances of active exploitation of these vulnerabilities, most of the vulnerabilities rated high in severity are exploitable without authentication. Hence, we strongly recommend that these updates be installed at the earliest.