Cisco fixes flaws with a severity rating of 10 affecting IOS XE software

Patches for vulnerabilities in IOS XE networking equipment were released to prevent major attacks

Cisco releases patches for critical flaws. Cisco Systems rolled out patches to address critical security vulnerabilities.

Cisco rolled out fixes for three security flaws that affected its network operating system.[1] Remote attackers who exploit these bugs could execute arbitrary code, gain administrative rights, and trigger denial-of-service[2] attacks on devices. The internetworking operating system powers routers and wireless controllers, and products with particular configurations are affected and remain so until the patch is applied and the software is updated.

A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.

One of them (CVE-2021-34770) received a severity rating of 10 out of 10, which is the most critical. The flaw affects the Cisco Catalyst 9000 family wireless controllers:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Catalyst 9800-CL Wireless Controllers for Cloud
  • Embedded Wireless Controller on Catalyst Access Points.

The flaws could be exploited by an attacker without authentication. The official advisory[3] lists all the affected products and notes that there are no workarounds besides the patch. There is no evidence of malicious use of this vulnerability. The issue was discovered during routine internal security testing.

Exploitation of these bugs can be avoided. The company advises updating wireless controllers with all the APs registered. Users and administrators should apply all the fixes to mitigate any possible use of the vulnerabilities in malicious attacks.

DoS condition is the smallest risk

Unauthenticated access to the targeted machine can let an attacker install, manipulate, delete, or alter settings on the affected device. Researchers say that creating a denial-of-service condition is not as big an issue as the other possible consequences. The report shows possible commands that can help check if your machine is vulnerable.

The vulnerability is caused by a logic error during the validation process. If an attacker knows that a machine is vulnerable, sending a crafted CAPWAP packet to the device could easily lead to exploitation. An attacker can transmit the crafted traffic and execute any commands. This is a serious issue because any malicious actor can breach devices or even networks,[4] and spread ransomware or other threats.

The complete list of Cisco fixes for 31 bugs

These vulnerabilities were included in Cisco's security advisory update. This September release includes more than a dozen high-severity flaws: fifteen high-severity vulnerabilities and 15 medium-severity flaws were reported. Another critical flaw, with a severity rating of 9.8/10, was found in the vDaemon process in Cisco IOS XE SD-WAN Software.

This bug, when exploited, can give the attacker remote access. Having the highest possible rights allows arbitrary code execution or triggering a DoS condition on the targeted device. The flaw affects outdated versions of Cisco IOS XE SD-WAN software with the SD-WAN feature active on the device. Those include:

  • 1000 Series Integrated Services Routers (ISRs)
  • 4000 Series ISRs
  • ASR 1000 Series Aggregation Services Routers
  • Cloud Services Router 1000V Series.

Cisco continues to expand, investing in various companies and starting new services. The company is known for developing networking software and hardware. These critical patches often save networking giants and companies like Nexus[5] from significant issues that can result from the exploitation of high-severity flaws.

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.
