Multiple Vulnerabilities in Cisco Products Could Allow for Administrator Privileges

ITS Advisory Number: 
2020-088
Date(s) Issued: 
Friday, July 3, 2020
Subject: 
Multiple Vulnerabilities in Cisco Products Could Allow for Administrator Privileges
Overview: 

Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for an attacker gaining administrator privileges. Cisco is a vendor for IT, networking and cybersecurity solutions. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining administrator privileges. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

 

THREAT INTELLIGENCE:

There is currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected: 
  • Cisco AnyConnect Secure Mobility Client for Mac OS releases earlier than 4.9.00086

  • Cisco Digital Network Architecture Center releases earlier than 1.2.10

  • Cisco Identity Services Engine releases earlier than 2.6 Patch 7

  • Cisco 250 Series Smart Switches

  • Cisco 350 Series Managed Switches

  • Cisco 350X Series Stackable Managed Switches

  • Cisco 550X Series Stackable Managed Switches

  • Cisco Small Business 200 Series Smart Switches

  • Cisco Small Business 300 Series Managed Switches

  • Cisco Small Business 500 Series Stackable Managed Switches

  • Cisco Small Business RV042 and RV042G Routers firmware releases earlier than Release 4.2.3.14

  • Cisco Unified Communications Manager

  • Cisco Unified Communications Manager Session Management Edition

  • Cisco Unified Communications Manager IM and Presence Service

  • Cisco Unity Connection

  • Cisco Unified Customer Voice Portal releases 12.5(1) and earlier

RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
Low
Description: 

Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could result in an attacker gaining administrator privileges. These vulnerabilities can be exploited when maliciously crafted packets are sent to the vulnerable device. Details of the vulnerabilities are as follows: 

  • A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. (CVE-2020-3297)

  • A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. (CVE-2020-3431)

  • Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. (CVE-2020-3340)

  • A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. (CVE-2020-3391)

  • A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. (CVE-2020-3402)

  • A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. (CVE-2020-3420)

  • A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. (CVE-2020-3282)

  • A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. (CVE-2020-3432) 

Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining administrator privileges. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Actions: 

*         After appropriate testing, immediately apply the patches or mitigations provided by Cisco to vulnerable systems. 

*         Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

*         Remind users not to visit websites or follow links provided by unknown or untrusted sources.

*         Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.

*         Apply the Principle of Least Privilege to all systems and services.