Cisco customers have been urged to update their systems after the networking giant patched dozens of high-impact security vulnerabilities in its first patch cycle of 2021.
Among the most serious flaws were vulnerabilities uncovered in Cisco Connected Mobile Experiences (CMX) and the Cisco AnyConnect Secure Mobility Client for Windows, with the remainder found in Cisco Small Business routers that have reached their end of life.
The bugs’ severity is mitigated by the fact that attackers must be authenticated in all cases.
The accompanying advisories, which were published on January 13, included affirmations that Cisco was not aware of any in-the-wild attacks that leveraged the vulnerabilities.
Mishandling CMX password authorization
The highest severity flaw (CVE-2021-1144), which is borderline critical with a CVSS of 8.8, was found in CMX by researchers from European IT infrastructure provider Conscia.
Popular among hotels, casinos, and other leisure venues, CMX uses Cisco’s wireless infrastructure to offer location services and location analytics using customers’ mobile devices.
The Conscia researchers discovered how mishandled authorization checks allowed a remote attacker without administrative privileges to alter the password of any user, including administrative users, and then impersonate their victim.
This could be achieved by sending a modified HTTP request to a vulnerable device.
Cisco fixed this vulnerability, which was present in versions 10.6.0, 10.6.1, and 10.6.2, in CMX release 10.6.3.
DLL injection in Cisco AnyConnect
A vulnerability in the network access manager and web security agent of the Cisco AnyConnect secure mobility client for Windows could allow a local attacker to perform a DLL injection attack and execute arbitrary code with SYSTEM privileges.
CVE-2021-1237 has a CVSS of 7.8. The issue arises from insufficient validation of resources loaded during run time.
The flaw has been eradicated from version 4.9.04043, with all previous versions affected.
Credit for the find goes to Sittikorn Sangrattanapitak, plus Nuttakorn Tungpoonsup, Ammarit Thongthua, and Nattakit Intarasorn of the Secure D Center research team.
Bug bonanza
Finally, a pair of advisories (here and here), both assigned a CVSS rating of 7.2, addressed numerous security flaws, all requiring admin rights, in the web-based management interface of the Cisco Small Business platform.
Exploitation could lead to arbitrary code execution as root on the operating system or denial of service.
Because support has been discontinued for the affected models – the RV110W Wireless-N VPN Firewall and RV130, RV130W, and RV215W routers – “customers are encouraged to migrate” to models RV132W, RV160, or RV160W.
Documented in the Cisco Security hub, the company’s latest patch cycle includes fixes for numerous other lesser-impact vulnerabilities, including stored cross-site scripting vulnerabilities in the above routers, a Cisco Webex Teams shared file manipulation vulnerability, and a Cisco Firepower Management Center XML entity expansion bug.
Source: https://portswigger.net/daily-swig/cisco-fixes-clutch-of-high-impact-bugs-in-latest-patch-cycle