SB2016092103 - Multiple vulnerabilities in Cisco IOS
Published: September 21, 2016
Description
This security bulletin contains information about 4 vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2016-6414)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local authenticated user to gain elevated privileges and perform command injection on the target system.
The weakness is caused by improper input validation. By supplying specially crafted iox command-line parameters, an attacker can trigger the input validation flaw and execute arbitrary commands on the IOx Linux guest operating system (GOS).
Successful exploitation of the vulnerability may lead to privilege escalation and command injection on the vulnerable system.
2) Denial of service (CVE-ID: CVE-2016-6409)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to cause denial of service on the target system.
The weakness is caused by improper bounds validation. By sending specially crafted data, attackers can cause a boundary error in the Cisco Data in Motion (DMo) component, which leads to a denial of service condition in the target DMo process.
Successful exploitation of the vulnerability results in denial of service on the vulnerable service.
3) Information disclosure (CVE-ID: CVE-2016-6410)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated user to obtain potentially sensitive information.
The weakness is caused by improper input validation. To exploit the vulnerability, attackers can send specially crafted data that triggers the input validation flaw and allows them to view arbitrary files.
Successful exploitation of the vulnerability may result in information disclosure.
4) Information modification (CVE-ID: CVE-2016-6412)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to modify a user's information on the target system.
The weakness exists due to an input validation flaw in the Cisco Application-hosting Framework (CAF) component. By inserting specially crafted HTTP headers into the communications path between the user and the target IOS system, attackers can download an arbitrary file.
Successful exploitation of the vulnerability may result in modification of the target user's data.
Remediation
Install the update from the vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-dmo
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1