TTCSIRT-047.092917: TT-CSIRT Advisory – CISCO Security Updates

Multiple vulnerabilities have been discovered in Cisco IOS and IOS XE Software, the most severe of which could result in remote code execution. Details of these vulnerabilities are as follows:

a) A remote code execution vulnerability exists in the DHCP relay subsystem due to a buffer overflow condition – (CVE-2017-12240)

b) A denial of service vulnerability exists in Internet Key Exchange version 2 (IKEv2) when processing specially crafted packets – (CVE-2017-12237)

c) An information disclosure vulnerability exists in the Cisco Network Plug-and-Play application due to insufficient certificate validation – (CVE-2017-12228)

d) Multiple vulnerabilities exist in the Common Industrial Protocol (CIP) due to improper parsing of specially crafted packets, which could allow for denial of service – (CVE-2017-12233, CVE-2017-12234)

e) A denial of service vulnerability exists due to a memory management issue in Cisco Catalyst 6800 series switches when receiving a large number of Virtual Private LAN Service (VPLS) MAC entries – (CVE-2017-12238)

f) A denial of service vulnerability exists in the PROFINET Discovery and Configuration Protocol (PN-DCP) due to improper parsing of ingress PN-DCP Identify Request packets – (CVE-2017-12235)

g) A denial of service vulnerability exists in Cisco Integrated Services Router Generation 2 (ISR G2) routers due to a misclassification of Ethernet frames – (CVE-2017-12232)

h) A denial of service vulnerability exists in the implementation of Network Address Translation (NAT) in Cisco IOS due to improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol over IPv4 – (CVE-2017-12231)

i) A security bypass vulnerability exists in Cisco ASR 1000 series and cBR-8 routers due to an engineering console port being available on the motherboard of the line cards, which would grant a physical attacker console access to the operating systems of the affected devices – (CVE-2017-12239)

j) A security bypass vulnerability exists in the implementation of the Locator/ID Separation Protocol (LISP) due to a logic error introduced via code regression in Cisco IOS XE – (CVE-2017-12236)

k) A privilege escalation vulnerability exists in the web-based user interface (Web UI) due to incorrect default permission settings for new users – (CVE-2017-12230)

l) A security bypass vulnerability exists in the Web UI REST API due to insufficient input validation – (CVE-2017-12229)

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code remotely and gain full control of the affected system. Failed exploit attempts could result in a denial of service condition.
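To prioritise patching across a fleet, operators typically want to know which devices actually have the affected features enabled. The following is an added triage helper, not part of the advisory or of any Cisco tooling: the mapping from each advisory item to the IOS/IOS XE configuration commands that enable the feature is the editor's assumption and should be checked against local configuration standards, and the running-config excerpt is constructed.

```python
import re

# Advisory items mapped to configuration commands that enable the affected
# feature. Keyword choices are an editor's assumption, not from the advisory;
# items with no reliable config marker (hardware console port, CIP, PN-DCP,
# VPLS, frame classification) are deliberately left out.
FEATURE_INDICATORS = {
    "CVE-2017-12240 (DHCP relay RCE)": [r"^\s*ip helper-address\b"],
    "CVE-2017-12237 (IKEv2 DoS)": [r"^\s*crypto ikev2\b"],
    "CVE-2017-12228 (Plug-and-Play cert validation)": [r"^\s*pnp profile\b"],
    "CVE-2017-12231 (NAT H.323 RAS DoS)": [r"^\s*ip nat (inside|outside)\b"],
    "CVE-2017-12236 (LISP bypass)": [r"^\s*router lisp\b"],
    "CVE-2017-12230 / CVE-2017-12229 (Web UI)": [r"^\s*ip http (secure-)?server\b"],
}


def exposed_items(running_config: str) -> dict:
    """Return {advisory item: [matching config lines]} for enabled features.

    Lines negated with a leading 'no ' never match because every pattern is
    anchored at the start of the (indented) command.
    """
    hits = {}
    for item, patterns in FEATURE_INDICATORS.items():
        matched = [line.strip() for line in running_config.splitlines()
                   if any(re.match(p, line) for p in patterns)]
        if matched:
            hits[item] = matched
    return hits


# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
no ip http server
ip http secure-server
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
 ip helper-address 192.0.2.50
"""

if __name__ == "__main__":
    for item, lines in exposed_items(SAMPLE_CONFIG).items():
        print(item)
        for line in lines:
            print("   ", line)
```

Run it against `show running-config` output saved per device; an empty result means none of the mapped features are configured, not that the device is unaffected.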

Further information on these vulnerabilities and how they can be remediated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-cisco-ios-and-ios-xe-could-allow-for-remote-code-execution_2017-091/