SB2020060420 - Multiple vulnerabilities in Cisco IOS XE Software
Published: June 4, 2020 Updated: June 4, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-3229)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect handling of Role Based Access Control (RBAC) functionality for the administration GUI. A remote authenticated attacker can send a modified HTTP request and execute CLI commands or configuration changes with elevated privileges.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
- Cisco Integrated Services Virtual Router
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco 1000 Series Integrated Services Routers
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9200 Series Switches
- Cisco Catalyst 9800 Series Wireless Controllers
2) Command Injection (CVE-ID: CVE-2020-3224)
The vulnerability allows a remote attacker to execute arbitrary commands on the system.
The vulnerability exists due to insufficient input validation of specific HTTP requests in the web-based user interface (web UI). A remote authenticated attacker can send a specially crafted HTTP request and execute arbitrary commands on the target system.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9200 Series Switches
3) Link following (CVE-ID: CVE-2020-3223)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability existd due to insufficient file scope limiting in the web-based user interface (web UI). A remote administrator can create a specific file reference on the filesystem, then access it through the web UI and read arbitrary files from the underlying operating system's filesystem.
4) Improper access control (CVE-ID: CVE-2020-3222)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the presence of a proxy service at a specific endpoint of the web UI. A remote attacker on the local network can connect to the proxy service and bypass access restrictions on the network by proxying their access request through the management network of the affected device.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9200 Series Switches
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-zM283Zdw
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-filerd-HngnDYGk
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-unauthprxy-KXXsbWh