Multiple Vulnerabilities in Cisco Products Could Allow for Unauthorized Access

ITS Advisory Number: 
2016-187
Date(s) Issued: 
Thursday, November 3, 2016
Subject: 
Multiple Vulnerabilities in Cisco Products Could Allow for Unauthorized Access
Overview: 

Multiple Cisco products are prone to vulnerabilities that could allow for unauthorized access. Successful exploitation could potentially allow an attacker to take control of the affected system and perform unauthorized actions.

Systems Affected: 
  • Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software:

    • 3.17.0S

    • 3.17.1S

    • 3.17.2S

    • 3.18.0S

    • 3.18.1S

  • Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier.
    • Cisco Prime Home 5.2.2.2

    • Cisco Prime Home 5.2.2.0

    • Cisco Prime Home 5.1.1.6

    • Cisco Prime Home 5.1.1.0

RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Multiple Cisco products are prone to multiple vulnerabilities. These vulnerabilities could allow for unauthorized access. These vulnerabilities are as follows:

  • A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. The vulnerability exists because the affected software performs incomplete bounds checks on input data. An attacker could exploit this vulnerability by sending a malicious request to the TL1 port, which could cause the device to reload. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system.

  • A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized--including users with administrator privileges.

Actions: 
  • After appropriate testing, apply applicable patches/updates provided by Cisco to the vulnerable systems.
  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.