SB2017100403 - Multiple vulnerabilities in Cisco IOS
Published: October 4, 2017
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Improper certificate validation (CVE-ID: CVE-2017-12228)
The vulnerability allows a remote attacker to conduct a man-in-the-middle attack. The weakness exists due to insufficient certificate validation. A remote attacker can supply a crafted certificate, conduct a MitM attack and decrypt confidential information on user connections to the affected software.
2) Improper input validation (CVE-ID: CVE-2017-12237)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Internet Key Exchange Version 2 (IKEv2) module due to an error when processing certain IKEv2 packets. A remote attacker can send specially crafted IKEv2 packets to the device and cause high CPU utilization, traceback messages, or a device reload.
Successful exploitation of the vulnerability results in denial of service.
3) Buffer overflow (CVE-ID: CVE-2017-12240)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a buffer overflow condition in the DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software. A remote attacker can send a specially crafted DHCP Version 4 (DHCPv4) packet, execute arbitrary code and gain full control over the affected system.
4) Improper input validation (CVE-ID: CVE-2017-12233)
The vulnerability allows a remote attacker to cause a DoS condition. The weakness exists due to an error in the implementation of the Common Industrial Protocol (CIP) feature. A remote attacker can send specially crafted CIP packets and cause the device to reload.
5) Improper input validation (CVE-ID: CVE-2017-12234)
The vulnerability allows a remote attacker to cause a DoS condition. The weakness exists due to an error in the implementation of the Common Industrial Protocol (CIP) feature. A remote attacker can send specially crafted CIP packets and cause the device to reload.
6) Improper input validation (CVE-ID: CVE-2017-12231)
The vulnerability allows a remote attacker to cause a DoS condition. The weakness exists in the implementation of Network Address Translation (NAT) functionality in Cisco IOS Software due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol. A remote attacker can send a specially crafted H.323 RAS packet and cause the device to reload or crash.
Remediation
Install the update from the vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat