Vulnerabilities in Cisco Cloud Services Platform Could Allow for Arbitrary Command Execution

ITS Advisory Number: 2016-163
Date(s) Issued: Thursday, September 22, 2016
Subject: Vulnerabilities in Cisco Cloud Services Platform Could Allow for Arbitrary Command Execution
Overview: 

Multiple vulnerabilities have been discovered in Cisco Cloud Services Platform that can result in arbitrary command execution and remote command injection. Cisco Cloud Services Platform 2100 is a turn-key, open x86 Linux Kernel-based Virtual Machine software and hardware platform for data center network functions virtualization. Attackers can exploit these issues to execute arbitrary commands on the host operating system with the privileges of root. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.

Systems Affected: 
  • Cisco Cloud Services Platform 2100 version 2.0 and prior

RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: Low
BUSINESS
Large and medium business entities: High
Small business entities: Low
Home Users: N/A
Description: 

Cisco Cloud Services Platform 2100 is prone to two vulnerabilities that could allow for arbitrary code execution. These vulnerabilities are as follows:

  • A vulnerability due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious 'dnslookup' request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user.
  • A vulnerability due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands. An exploit could allow the attacker to execute arbitrary commands on the host operating system with the privileges of root.

Successful exploitation could allow remote attackers to perform unauthorized actions.
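
The class of flaw in the first item, a request value reaching a command without sanitization, is avoided by validating the value against a strict hostname grammar and never handing it to a shell. The sketch below is an added example, not code from Cisco or from this advisory; the `host` parameter name, the `nslookup` tool name and the handler shape are assumptions.

```python
import re
import socket

# One DNS label per RFC 1123: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_hostname(value):
    """Return the lower-cased hostname, or raise ValueError if it is not one."""
    if not isinstance(value, str) or not 0 < len(value) <= 253:
        raise ValueError("hostname missing or too long")
    name = value[:-1] if value.endswith(".") else value  # allow one trailing dot
    if not all(_LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError("hostname has characters outside letters, digits, '-' and '.'")
    return name.lower()


def lookup_argv(value, tool="nslookup"):
    """Argument vector for an external resolver tool (tool name is an assumption).

    Passing a list to subprocess.run() without shell=True means no shell parses
    the value, and validation already rules out a leading '-' (option injection).
    """
    return [tool, validate_hostname(value)]


def dns_lookup(value, resolver=socket.getaddrinfo):
    """Resolve in-process so no command line is built at all."""
    host = validate_hostname(value)
    return sorted({info[4][0] for info in resolver(host, None)})


def handle_request(params, resolver=socket.getaddrinfo):
    """Hypothetical handler: map a request parameter dict to (status, body)."""
    try:
        return 200, dns_lookup(params.get("host"), resolver)
    except ValueError as exc:
        return 400, str(exc)
    except socket.gaierror:
        return 502, "lookup failed"


if __name__ == "__main__":
    # Constructed inputs: one plain name, three that carry shell syntax or an option.
    for sample in ["example.com", "example.com;id", "$(id).example.com", "-debug"]:
        try:
            print(repr(sample), "->", lookup_argv(sample))
        except ValueError as exc:
            print(repr(sample), "rejected:", exc)
```
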

Actions: 
  • After appropriate testing, install updates provided by Cisco to affected systems.
  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.