The operating system on Cisco devices is affected by a vulnerability that Cisco reported yesterday on its blog.
The security issue is tracked as CVE-2019-12643. It received the maximum severity score of 10 and resides in the REST API virtual service container for Cisco’s OS.
The following products are affected by this security flaw:
Cisco 4000 Series Integrated Services Routers
Cisco ASR 1000 Series Aggregation Services Routers
Cisco Cloud Services Router 1000V Series
Cisco Integrated Services Virtual Router
If specific conditions are met, exploitation is possible simply by sending malicious HTTP requests to a target device. If an administrator is logged in to the REST API interface, an adversary can obtain their ‘token-id’ and run commands with elevated privileges.
“If the device was already configured with an active vulnerable container, the IOS XE Software upgrade will deactivate the container, making the device not vulnerable. In that case, to restore the REST API functionality, customers should upgrade the Cisco REST API virtual service container to a fixed software release.” – says Cisco.
The other two enabled a logged-in adversary to restart the SNMP application (CVE-2019-1963) or to exhaust the system’s memory by preventing a virtual shell (VSH) process from being deleted when a remote connection is terminated (CVE-2019-1965).
The high severity issue in Cisco’s Fabric Interconnect is tracked as CVE-2019-1966 and leads to local privilege escalation to root permission level. The adversary can exploit “extraneous subcommand options present for a specific CLI command within the local-mgmt context.”
All vulnerabilities described in yesterday’s bulletin were discovered internally by Cisco during security testing or while resolving customer support cases.
Cisco has released a security patch to fix this problem in its devices.