Cisco has released patches to address vulnerabilities that could potentially be exploited to gain full control of affected systems. Three of the vulnerabilities are rated critical and have been assigned a CVSS V3 rating of 10 – the highest rating under the scoring system. A further four vulnerabilities have been given a rating of high with CVSS V3 scores of 8.6, 8.1, 7.5 and 6.3.
The three critical vulnerabilities affect Cisco’s Digital Network Architecture (DNA) platform and, if exploited, would allow a threat actor to bypass authentication measures and attack core functions of the platform, potentially taking full control of systems.
CVE-2018-0271 – CVSS V3 10 – is a Digital Network Architecture Center authentication bypass vulnerability that would allow an attacker to bypass authentication controls to access critical services, resulting in elevated privileges in the DNA Center. The vulnerability is due to the failure to normalize URLs prior to servicing requests.
CVE-2018-0222 – CVSS V3 10 – is a Digital Network Architecture Center static credentials vulnerability that allows an unauthenticated attacker to log into DNA services with an administrator account that has default and static user credentials. The vulnerability is due to undocumented, static user credentials for the default administrative account for the affected software.
CVE-2018-0268 – CVSS V3 10 – is a Digital Network Architecture Center unauthorized access vulnerability that would allow a threat actor to completely compromise a Kubernetes container management subsystem within the DNA Center. The vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem.
The four other vulnerabilities, in order of severity, are:
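The root cause given for CVE-2018-0271, a failure to normalize URLs before servicing requests, is a general bug class: the access decision is made on the path as received while the backend routes a normalized form. The following is an added illustration of that class and of the normalize-then-check pattern; it is not Cisco's code, and the `/admin` prefix, function names and sample paths are assumptions constructed for the example (input is the path component only, without a query string).

```python
import posixpath
import re
from urllib.parse import unquote

PROTECTED = "/admin"  # hypothetical prefix that must require authentication

def canonical_path(raw_path: str) -> str:
    """Reduce a request path to the one form the auth check and router share."""
    decoded = unquote(raw_path)
    # Refuse input that is still encoded after one pass, or uses separators
    # a backend might interpret differently; answer such requests with a 400.
    if unquote(decoded) != decoded or "\\" in decoded or "\x00" in decoded:
        raise ValueError("ambiguous path: " + repr(raw_path))
    collapsed = re.sub(r"/+", "/", "/" + decoded)  # merge repeated slashes
    return posixpath.normpath(collapsed)           # resolve "." and ".."

def is_protected(path: str) -> bool:
    return path == PROTECTED or path.startswith(PROTECTED + "/")

def naive_needs_auth(raw_path: str) -> bool:
    """Flawed pattern: the decision is made on the path exactly as received."""
    return is_protected(raw_path)

def needs_auth(raw_path: str) -> bool:
    """Hardened pattern: normalize first, then decide on the canonical path."""
    return is_protected(canonical_path(raw_path))

def compare(paths):
    """Return (path, naive, hardened) rows; 'rejected' marks refused input."""
    rows = []
    for p in paths:
        try:
            hardened = needs_auth(p)
        except ValueError:
            hardened = "rejected"
        rows.append((p, naive_needs_auth(p), hardened))
    return rows

# Constructed sample paths: different spellings that a normalizing backend
# would all route to the same protected handler, plus one public path.
SAMPLES = [
    "/admin/users",
    "/public/../admin/users",
    "//admin/users",
    "/%61dmin/users",
    "/%252e%252e/admin/users",
    "/public/index.html",
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

Rows where the naive column is `False` and the hardened column is `True` or `rejected` are the mismatches worth adding to a regression suite for any gateway or filter that enforces authentication by path.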
CVE-2018-0277 – CVSS V3 8.6 – An Identity Services Engine EAP TLS Certificate denial of service vulnerability that could allow an attacker to cause the ISE application server to restart unexpectedly, triggering a denial of service condition. The vulnerability is due to incomplete input validation of the client EAP-TLS certificate.
CVE-2018-0270 – CVSS V3 8.1 – An IoT Field Network Director cross-site request forgery vulnerability that could be exploited remotely to conduct a cross-site request forgery (CSRF) attack allowing alteration of data of existing users and groups. The vulnerability is due to insufficient CSRF protections for the web-based management interface.
CVE-2018-0280 – CVSS V3 7.5 – A Meeting Server Media Services denial of service vulnerability that could allow an attacker to cause a denial of service condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams.
CVE-2018-0279 – CVSS V3 6.3 – A vulnerability affecting the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) caused by improper input validation of command arguments. If exploited, a remote attacker could access the shell of the Linux operating system on the affected device.
Cisco notes that there are no workarounds for any of the seven vulnerabilities, which can only be remediated by applying the appropriate patches.
The National Cybersecurity and Communications Integration Center (NCCIC) is encouraging users of the affected Cisco software and solutions to apply the appropriate patches as soon as possible to prevent exploitation of the vulnerabilities.