You are currently viewing Cisco Releases Security Updates for Multiple Products

Cisco Releases Security Updates for Multiple Products

  • Post author:
  • Reading time:10 mins read

Cisco has rolled out security patches for critical, high, and medium severity vulnerabilities. In the Advisory, Cisco Security Updates March 2021,  released for Cisco Jabber Desktop and Mobile Client Software has been rated with Critical impact from Cisco. Among the bugs reported, some of the vulnerabilities can be exploited by the attackers to take control of an affected system.


Cisco has released security updates March 2021 for the following products

  • Cisco IOS XE Software
  • Cisco Aironet Access Points (AP)
  • Cisco IOS Software
  • Cisco IOS XE SD-WAN Software
  • Cisco IOx Application Framework
  • Cisco Jabber for Windows, macOS, and mobile platforms

Critical Severity Vulnerabilities

  • CVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, CVE-2021-1471 – Vulnerabilities found in Cisco Jabber Desktop and Mobile Client Software. These flaws allow an attacker to perform denial of service conditions, access sensitive information, intercept network traffic, or execute arbitrary programs with elevated privileges on the underlying operating system.

High Severity Vulnerabilities

  • CVE-2021-3449, CVE-2021-3450 – Two vulnerabilities have been reported in OpenSSL Project affecting Cisco products. On successful exploitation of these vulnerabilities, an attacker could use a valid non-certificate authority (CA) certificate and act as a certificate authority to sign a certificate for a user or device, an arbitrary organization, or to cause a denial of service condition.
  • CVE-2021-1431 – The flaw is found to be in the vDaemon process of Cisco IOS XE SD-WAN Software. The issue is due to the improper handling of malformed packets. The bug can be exploited by an unauthenticated, remote attacker by sending crafted traffic to an affected device. On successful exploitation of the vulnerability, an attacker can cause the device to reload, resulting in a denial of service condition.
  • CVE-2021-1432 – The flaw is found to be in the CLI of Cisco IOS XE SD-WAN Software. The issue is due to improper validation of user-supplied input. The bug can be exploited by an authenticated local attacker by injecting arbitrary commands to a file as a low-privileged user. On successful exploitation of the vulnerability, an attacker could execute arbitrary commands as the root user.
  • CVE-2021-1452 – The flaw is found to be in the ROM Monitor (ROMMON) of Cisco IOS XE Software. The issue is due to improper validation of specific function arguments passed to a boot script when specific ROMMON variables are set. An unauthenticated, physical attacker can exploit the vulnerability by setting malicious values for a specific ROMMON variable. On successful exploitation of the vulnerability, an attacker can bypass the image verification check during the secure boot process and execute unsigned code on an affected device.
  • CVE-2021-1352 – The flaw is found to be in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software. The issue is due to improper input validation of DECnet traffic received by an affected device. An unauthenticated, adjacent attacker can exploit the flaw by sending DECnet traffic. On successful exploitation of the vulnerability, an attacker can cause the affected device to reload, resulting in a denial of service condition.
  • CVE-2021-1403 – The flaw is found to be in the web UI feature of Cisco IOS XE Software. The issue is due to improper HTTP protections in the web UI. An unauthenticated, remote attacker can exploit the flaw by convincing an authenticated user of the web UI to follow a crafted link. On successful exploitation of the vulnerability, an attacker can conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service condition on the affected device.
  • CVE-2021-1433 – The flaw is found to be in the vDaemon process in Cisco IOS XE SD-WAN Software. The issue is due to improper bounds checking when the device processes traffic. An unauthenticated, remote attacker can exploit the flaw by sending crafted traffic to the affected device. The attacker must have a man-in-the-middle position. On successful exploitation of the vulnerability, an attacker can conduct a controllable buffer overflow attack (possibly execute arbitrary commands as root user) or cause a device to reload, resulting in the DoS condition.
  • CVE-2021-1442 – The flaw is in the diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software. On successful exploitation of the vulnerability, a locally authenticated attacker can elevate privileges to the level of an Administrator user on the affected device.
  • CVE-2021-1441 – The flaw is in the hardware initialization routines of Cisco IOS XE Software. The issue is due to improper validation of the parameters passed to a diagnostic script that is executed when the device boots up. On successful exploitation of the vulnerability, a locally authenticated attacker can execute unsigned code on the system boot time.
  • CVE-2021-1451 – The flaw is found to be in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software. The issue is due to improper boundary checks for certain values in Easy VSS protocol packets that are received by an affected device. On successful exploitation of the vulnerability, an unauthenticated, remote attacker can execute arbitrary code on the underlying Linux OS on the affected device.
  • CVE-2021-1453 – The flaw is found to be in the software image verification functionality of Cisco IOS XE Software. The issue is due to insufficient checks in the code function that manages the verification of the digital signature. On successful exploitation of the vulnerability, an unauthenticated, physical attacker can execute unsigned code at system boot time.

Some other high severity vulnerabilities fixed by Cisco are: CVE-2021-1375, CVE-2021-1376, CVE-2021-1373, CVE-2021-1449, CVE-2021-1446, CVE-2021-1439, CVE-2021-1437, CVE-2021-1392, CVE-2021-1398


Medium Severity Vulnerabilities

Cisco’s fixes include 21 medium severity vulnerabilities, some of which could be exploited to cause a denial of service conditionsThese vulnerabilities are :

CVE-2021-1220, CVE-2021-1281, CVE-2021-1356, CVE-2021-1371, CVE-2021-1374, CVE-2021-1377, CVE-2021-1381, CVE-2021-1382, CVE-2021-1383, CVE-2021-1384, CVE-2021-1385, CVE-2021-1390, CVE-2021-1391, CVE-2021-1394, CVE-2021-1423, CVE-2021-1434, CVE-2021-1435, CVE-2021-1436, CVE-2021-1443, CVE-2021-1454, CVE-2021-1460


Impact

An attacker can exploit these vulnerabilities to execute arbitrary code and commands with root privileges, intercept network traffic, perform denial of service attacks, gain privilege escalation to root, perform buffer overflow attacks, and directory traversal attacks on the affected systems.


Solution

We recommend installing the necessary Cisco security updates March 2021 as soon as possible to stay protected.