Multiple Vulnerabilities in Cisco Products Could Allow for Denial of Service Conditions

ITS Advisory Number: 
2016-074
Date(s) Issued: 
Thursday, April 21, 2016
Subject: 
Multiple Vulnerabilities in Cisco Products Could Allow for Denial of Service Conditions
Overview: 

Multiple Cisco products are prone to multiple vulnerabilities that could allow for denial of service conditions. Successful exploitation could allow an unauthenticated, in some cases remote, attacker to cause an affected device to reload, resulting in a denial of service condition, and in one case to execute arbitrary code on the device.

Systems Affected: 
  • Cisco WLC devices running the following releases of Cisco AireOS Software:
    • Releases 4.1 through 7.4.120.0
    • All 7.5 releases
    • Release 7.6.100.0
  • Cisco ASA Software running on the following products:
    • Cisco ASA 5500-X Series Next-Generation Firewalls
    • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
    • Cisco Adaptive Security Virtual Appliance (ASAv)
  • The following releases of Cisco WLC Software:
    • All 7.2 releases
    • All 7.3 releases
    • All 7.4 releases prior to 7.4.140.0(MD)
    • All 7.5 releases
    • All 7.6 releases
    • All 8.0 releases prior to 8.0.115.0(ED)
  • The following Cisco products, listed with the Cisco bug ID and, where given, the fixed release and its availability date:
    • Cisco WebEx Meetings Server versions 1.x (bug ID CSCux00729; fixed release not listed)
    • Cisco WebEx Meetings Server versions 2.x (bug ID CSCux00729; fixed releases 2.6.1 and 2.7, June 2016)
    • Cisco Jabber (bug ID CSCux00711; fixed release 11.6)
    • Cisco Adaptive Security Appliance (ASA) Software (bug ID CSCux00686; fixed releases 8.4.7.31, 9.1.7, 9.2.4.6, 9.3.3.8)
    • Cisco IOS XE Software (bug ID CSCux04317; fixed releases 3.14.3S, 3.13.5S, 3.16.2S, 3.10.7S, 3.17.1S, 3.15.3S)
    • Cisco IP Phone 88x1 Series (bug ID CSCux00708; fixed release 11.0(1))
    • Cisco DX Series IP Phones (bug ID CSCux00697; fixed release 10.2(5))
    • Cisco IP Phone 88x5 Series (bug ID CSCux00748; fixed release 11.0(1))
    • Cisco Unified 7800 Series IP Phones (bug ID CSCux00742; fixed release 11.0(1))
    • Cisco Unified 8831 Series IP Conference Phone (bug ID CSCux01782; fixed release not listed)
    • Cisco Unified 8961 IP Phone (bug ID CSCux00707; fixed release 9.4(2)SR3, August 2016)
    • Cisco Unified 9951 IP Phone (bug ID CSCux00707; fixed release 9.4(2)SR3, August 2016)
    • Cisco Unified 9971 IP Phone (bug ID CSCux00707; fixed release 9.4(2)SR3, August 2016)
    • Cisco Unified Communications Manager (UCM) (bug ID CSCux00716; fixed release 10.5(2)SU3)
    • Cisco Unified Communications Manager Session Management Edition (SME) (bug ID CSCux00716; fixed release 10.5(2)SU3)
    • Cisco Unified IP Phone 7900 Series (bug ID CSCux00745; fixed release 9.4(2)SR2)
    • Cisco Unified IP Phone 8941 and 8945 (SIP) (bug ID CSCux01786; fixed release not listed)
    • Cisco Unified Wireless IP Phone (bug ID CSCux37802; fixed release 1.4.8.4)
    • Cisco Unity Connection (UC) (bug ID CSCux35568; fixed release 10.5(2)SU3)
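The two WLC/AireOS release lists above are given as ranges ("4.1 through 7.4.120.0", "all 7.5 releases", "8.0 prior to 8.0.115.0(ED)"), so checking an installed release against them by eye is error-prone. The following is an added example, not part of the advisory or of any Cisco tool: it parses release strings of the form used on this page and tests them against both lists as transcribed from the section above. Whether a given release belongs to AireOS or to the WLC Software list is left to the reader, since the advisory does not tie the two lists to individual CVEs.

```python
import re


def parse_release(text):
    """Turn a WLC/AireOS release string such as '7.4.140.0(MD)' into a
    four-field tuple. Missing fields are zero, so '7.5' is the start of
    the 7.5 train; trailing tags such as (MD)/(ED) are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,3})", text)
    if not m:
        raise ValueError("unrecognised release string: %r" % text)
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def span(lo, hi, inclusive=False):
    """Half-open range [lo, hi). With inclusive=True the upper bound is
    included, as needed for 'X through Y' and for a single named release."""
    lo_t, hi_t = parse_release(lo), parse_release(hi)
    if inclusive:
        hi_t = hi_t[:3] + (hi_t[3] + 1,)
    return lo_t, hi_t


# Affected ranges transcribed from the "Systems Affected" section.
AIREOS_AFFECTED = [
    span("4.1", "7.4.120.0", inclusive=True),        # 4.1 through 7.4.120.0
    span("7.5", "7.6"),                               # all 7.5 releases
    span("7.6.100.0", "7.6.100.0", inclusive=True),   # release 7.6.100.0
]
WLC_AFFECTED = [
    span("7.2", "7.3"), span("7.3", "7.4"),           # all 7.2 and 7.3
    span("7.4", "7.4.140.0"),                         # 7.4 prior to 7.4.140.0(MD)
    span("7.5", "7.6"), span("7.6", "7.7"),           # all 7.5 and 7.6
    span("8.0", "8.0.115.0"),                         # 8.0 prior to 8.0.115.0(ED)
]


def is_affected(release, ranges):
    r = parse_release(release)
    return any(lo <= r < hi for lo, hi in ranges)


def check(release):
    """Report which of the two advisory lists a release falls into."""
    return {"aireos": is_affected(release, AIREOS_AFFECTED),
            "wlc": is_affected(release, WLC_AFFECTED)}


if __name__ == "__main__":
    for rel in ["7.4.121.0", "7.4.139.0", "7.6.100.0", "8.0.115.0(ED)"]:
        print(rel, check(rel))
```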
Risk: 
  • Government
    • Large and medium government entities: High
    • Small government entities: Medium
  • Business
    • Large and medium business entities: High
    • Small business entities: Medium
  • Home users: Low
Description: 

Multiple Cisco products are prone to multiple vulnerabilities. Several of them can be triggered by an unauthenticated remote attacker and result in denial of service conditions. These vulnerabilities are as follows:

  • A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to the presence of unsupported URLs in the web-based device management interface. This vulnerability is rated with a base CVSS score of 7.8 [CVE-2016-1362].
  • A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. Cisco ASA Software is affected only if it is configured with the DHCPv6 relay feature, and the vulnerability is triggered only by IPv6 traffic. This vulnerability affects Cisco ASA Software release 9.4.1 only. This vulnerability is rated with a base CVSS score of 7.8 [CVE-2016-1367].
  • A vulnerability in the Bonjour task manager of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software. An attacker could exploit this vulnerability by sending crafted Bonjour traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is rated with a base CVSS score of 7.8 [CVE-2016-1364].
  • A vulnerability in the HTTP URL redirect feature of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow on the device, which could cause the device to reload, resulting in a DoS condition, or allow the attacker to execute arbitrary code on the device. This vulnerability is rated with a base CVSS score of 10.0 [CVE-2016-1363].
  • Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP) library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library. The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device. This vulnerability is rated with a base CVSS score of 7.8 [CVE-2015-6360].
Actions: 
  • After appropriate testing, apply the applicable patches/updates provided by Cisco to the vulnerable systems.
  • Verify that no unauthorized system modifications have occurred on the system before applying patches.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.