Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution

ITS ADVISORY NUMBER: 
2020-012

DATE(S) ISSUED: 
Friday, January 24, 2020

SUBJECT: 
Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution

OVERVIEW: 
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for arbitrary code execution with administrative privileges on the affected system. An attacker could gain administrative access to the web-based management interface of the affected device.

SYSTEMS AFFECTED: 

  • Cisco Firepower Management Center (FMC)
  • Cisco TelePresence Integrator C Series
  • Cisco TelePresence MX Series
  • Cisco TelePresence SX Series
  • Cisco TelePresence System EX Series
  • Cisco Webex Board
  • Cisco Webex DX Series
  • Cisco Webex Room Series
  • Cisco IOS XE SD-WAN Software releases 16.11 and earlier
  • Cisco SD-WAN Solution vManage Software Release 18.4.1
  • Cisco Smart Software Manager On-Prem releases earlier than 7-201910
  • Cisco IOS XR Software releases later than 6.6.1 that are configured for BGP with the L2VPN EVPN address family
  • Cisco IOS XR Software releases earlier than 6.6.3, 7.0.2, 7.1.1, or 7.2.1 that are configured with both the IS-IS routing protocol and SNMP version 1, 2c, or 3
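
The IOS XR conditions above are easy to misread when checked by hand: "earlier than 6.6.3, 7.0.2, 7.1.1, or 7.2.1" is a per-train condition, so 7.0.1 is affected even though it sorts after 6.6.3, and the two DoS issues have different configuration preconditions. The following triage helper, written for this page as an added example rather than Cisco's or the advisory's own tooling, encodes those conditions for an inventory. The mapping of each listed fixed release to its own major.minor train, the strict "later than 6.6.1" comparison, the XrDevice record and the sample inventory are this example's assumptions; the vendor advisories remain authoritative for the exact affected and fixed releases.

```python
"""Triage helper for the Cisco IOS XR entries in the SYSTEMS AFFECTED list.

Added example for this page, not Cisco's or the advisory's own code.
Assumptions (not stated on the page): each fixed release applies to its own
major.minor train, and "later than 6.6.1" is a strict comparison.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Fixed releases for the IS-IS + SNMP DoS (CVE-2019-16027), keyed by train.
# Assumption: 6.6.x is fixed in 6.6.3, 7.0.x in 7.0.2, 7.1.x in 7.1.1, 7.2.x in 7.2.1.
ISIS_SNMP_FIXED = {
    (6, 6): (6, 6, 3),
    (7, 0): (7, 0, 2),
    (7, 1): (7, 1, 1),
    (7, 2): (7, 2, 1),
}

# Releases strictly later than this, with BGP EVPN configured, are in scope
# for the BGP EVPN DoS issues (CVE-2019-16018 through CVE-2019-16023).
EVPN_BASELINE = (6, 6, 1)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '6.6.1' or '7.0.2' into a tuple that compares numerically.

    Anything that is not dot-separated digits is rejected so that a stray
    suffix cannot silently sort as 'newer' and hide an affected device.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported IOS XR version string: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class XrDevice:
    """Hypothetical inventory record; field names are this example's own."""
    hostname: str
    version: str
    bgp_evpn: bool  # BGP configured with the L2VPN EVPN address family
    isis: bool      # IS-IS routing protocol configured
    snmp: bool      # SNMP v1, v2c or v3 enabled (any version counts)


def affected_evpn(dev: XrDevice) -> bool:
    """BGP EVPN DoS: release later than 6.6.1 and EVPN configured."""
    return dev.bgp_evpn and parse_version(dev.version) > EVPN_BASELINE


def affected_isis_snmp(dev: XrDevice) -> Optional[bool]:
    """IS-IS/SNMP DoS: both features configured and release below the train's fix.

    Returns None when the device runs a train the list does not name, so the
    caller flags it for manual review instead of treating it as safe.
    """
    if not (dev.isis and dev.snmp):
        return False
    version = parse_version(dev.version)
    fixed = ISIS_SNMP_FIXED.get(version[:2])
    if fixed is None:
        return None
    return version < fixed


def triage(dev: XrDevice) -> dict:
    """Collect both verdicts for one device."""
    return {
        "host": dev.hostname,
        "bgp_evpn_dos": affected_evpn(dev),
        "isis_snmp_dos": affected_isis_snmp(dev),
    }


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    XrDevice("pe-edge-1", "6.6.2", bgp_evpn=True, isis=True, snmp=False),
    XrDevice("pe-edge-2", "7.0.1", bgp_evpn=False, isis=True, snmp=True),
    XrDevice("core-1", "6.5.3", bgp_evpn=False, isis=True, snmp=True),
    XrDevice("core-2", "7.0.2", bgp_evpn=True, isis=True, snmp=True),
]

if __name__ == "__main__":
    for device in SAMPLE_INVENTORY:
        print(triage(device))
```

In the sample inventory, pe-edge-2 on 7.0.1 is reported as affected by the IS-IS/SNMP issue despite sorting after 6.6.3, and core-1 on 6.5.3 comes back as None because the list names no fixed release for that train; both are the cases a plain version sort gets wrong.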

RISK:
Government:
Large and medium government entities: High
Small government entities: Medium

Business:
Large and medium business entities: High
Small business entities: Medium

Home Users: Low

DESCRIPTION: 
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for arbitrary code execution with administrative privileges on the affected system. Details of these vulnerabilities are as follows:

  • A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. (CVE-2019-16028)
  • A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. (CVE-2020-3143)
  • A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. (CVE-2019-1950)
  • A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. (CVE-2020-3115)
  • A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. (CVE-2019-16029)
  • A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. (CVE-2019-16018)
  • Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. (CVE-2019-16019, CVE-2019-16020, CVE-2019-16021, CVE-2019-16022, CVE-2019-16023)
  • A vulnerability in the implementation of the Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS-IS process. (CVE-2019-16027)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution with administrative or root privileges on the affected system. An attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

ACTIONS: 

  • After appropriate testing, immediately install the updates provided by Cisco.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES: 

Cisco:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

CISA:
https://www.us-cert.gov/ncas/current-activity/2020/01/23/cisco-releases-...

Security Week:
https://www.securityweek.com/cisco-patches-critical-vulnerability-networ...

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3143