Critical Flaw Exposes Many Cisco Devices to Remote Attacks
Cisco has patched more than 30 vulnerabilities in its IOS software, including a critical remote code execution flaw that exposes hundreds of thousands – possibly millions – of devices to remote attacks launched over the Internet.

A total of three vulnerabilities have been rated critical. One of them is CVE-2018-0171, an issue discovered by researchers at Embedi in the Smart Install feature in IOS and IOS XE software. An unauthenticated attacker can send specially crafted Smart Install messages to an affected device on TCP port 4786 and cause it to enter a denial-of-service (DoS) condition or execute arbitrary code.

Cisco pointed out that Smart Install is enabled by default on switches that have not received a recent update for automatically disabling the feature when it’s not in use.

Embedi has published a blog post detailing CVE-2018-0171 and how it can be exploited. Researchers initially believed the vulnerability could only be exploited by an attacker inside the targeted organization’s network. However, an Internet scan revealed that there are roughly 250,000 vulnerable Cisco devices that have TCP port 4786 open. Furthermore, Embedi told SecurityWeek that it has identified approximately 8.5 million devices that use this port, but researchers have not been able to determine if the Smart Install technology is present on these systems.

Another IOS vulnerability patched by Cisco and rated critical is CVE-2018-0150, a backdoor that allows an attacker to remotely access a device. This security hole is introduced by the existence of an undocumented account with a default username and password. The credentials provide access to a device with privilege level 15, the highest level of access for Cisco network devices.

The last critical security hole is CVE-2018-0151, which affects the quality of service (QoS) subsystem of IOS and IOS XE software. The flaw can allow a remote, unauthenticated attacker to cause a DoS condition or execute code with elevated privileges by sending malicious packets to a device.

The networking giant has patched a total of 17 high severity flaws in IOS and IOS XE software. The list includes mostly DoS issues, but some of the vulnerabilities can be exploited for remote code execution and privilege escalation.

Cisco also patched over a dozen IOS vulnerabilities rated “medium severity.” A majority of the bugs were discovered by the company itself and there is no evidence that any of them have been exploited for malicious purposes.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-03-28 | CVE-2018-0150 | Use of Hard-coded Credentials vulnerability in Cisco IOS XE 16.5.1 | A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. | 9.8 |
2018-03-28 | CVE-2018-0151 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE 16.5.1 | A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. | 9.8 |
2018-03-28 | CVE-2018-0171 | Out-of-bounds Write vulnerability in Cisco IOS 15.2(5)E | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. | 9.8 |