Cisco has released patches that address three critical security bugs in the IOS XE internetworking operating system. The flaws could allow an attacker to execute arbitrary code remotely or cause a denial-of-service (DoS) condition on a vulnerable device.
The most serious of these issues is CVE-2021-34770, a remote code execution (RCE) flaw with a CVSS score of 10.0.
According to Cisco, this vulnerability is a “logical error” that occurs during processing of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol.
CAPWAP lets a central wireless controller manage a collection of access points, and the flaw lies in the CAPWAP processing of the IOS XE software for the Catalyst 9000 family of wireless controllers.
According to Cisco, this bug could allow an attacker to execute arbitrary code with root privileges after sending a specially crafted packet.
If the attack is successful, the target device will crash and reload, resulting in a DoS condition.
This defect affects the Catalyst 9800 and 9800-CL wireless controllers, the Catalyst 9300, 9400, and 9500 series switches, and the wireless controller built into Catalyst access points.
The second important vulnerability that Cisco addresses is a buffer overflow in IOS XE SD-WAN. It could allow an unauthorized remote attacker to execute arbitrary commands with root privileges or reload the device, causing a DoS condition.
Tracked as CVE-2021-34727, this bug is caused by insufficient bounds checking when the affected device handles traffic.
An attacker can exploit this bug by sending specially crafted traffic to the device.
Products affected by this bug include the Cloud Services Router 1000V Series, Integrated Services Routers (ISR) 1000 and 4000 Series, and Aggregation Services Routers (ASR) 1000 Series.
Finally, Cisco has patched CVE-2021-1619, a bug caused by an uninitialized variable in the Authentication, Authorization, and Accounting (AAA) feature of the Cisco IOS XE software.
If the attack is successful, the authenticated remote actor could establish, manipulate, or delete the configuration of the network device, or corrupt the device’s memory and push it into a DoS state.
Cisco says there are no reports of these three bugs being exploited in the wild.
The fixes were released as part of Cisco’s September 2021 Security Advisory Bundle for IOS and IOS XE software.
This month, Cisco fixed 27 vulnerabilities, including 13 high-severity and 11 medium-severity bugs.
Earlier this month, the company urged users to address a critical vulnerability in virtualized network devices following the release of proof-of-concept (PoC) exploit code.
Tracked as CVE-2021-34746, this vulnerability affected the TACACS+ authentication, authorization, and accounting capabilities of the Cisco Enterprise NFV Infrastructure Software.
And in June, it was reported that cybercriminals were exploiting a security flaw (CVE-2020-3580) in Cisco Adaptive Security Appliance (ASA) devices in active attacks following the release of PoC exploit code.
Cisco first disclosed the details of the cross-site scripting (XSS) bug in October 2020 and published a fix for it. Because the first patch was incomplete, the vendor released an additional patch for the bug in April 2021.
In its advisory, Cisco said it would release patches to address several XSS bugs in the web services of ASA and Firepower Threat Defense (FTD) software.
Organizations have been asked to patch their devices against CVE-2020-3580 to protect sensitive data from threat actors.
Cybersecurity company Rapid7 warned last year that as of July 2020, more than 85,000 ASA/FTD devices were accessible from the internet. Of these devices, 398 were spread across 17% of Fortune 500 companies.