SB2022110109 - Multiple vulnerabilities in Rockwell Automation Stratix 5800 switches containing Cisco IOS
Published: November 1, 2022
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-3229)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect handling of Role Based Access Control (RBAC) functionality for the administration GUI. A remote authenticated attacker can send a modified HTTP request and execute CLI commands or configuration changes with elevated privileges.
This vulnerability affects the following products if they are running an affected release of Cisco IOS XE Software:
- Cisco Integrated Services Virtual Router
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco 1000 Series Integrated Services Routers
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9200 Series Switches
- Cisco Catalyst 9800 Series Wireless Controllers
2) Command Injection (CVE-ID: CVE-2020-3219)
The vulnerability allows a remote attacker to execute arbitrary commands on the system.
The vulnerability exists due to improper input sanitization in the web UI. A remote authenticated attacker can submit a specially crafted input and execute arbitrary commands on the target system.
This vulnerability affects the following products if they are running an affected release of Cisco IOS XE Software:
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9200 Series Switches
3) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2021-1446)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a logic error that occurs when an affected device inspects certain DNS packets. A remote attacker can send specially crafted DNS packets and cause a denial of service condition.
4) Command Injection (CVE-ID: CVE-2020-3211)
The vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to improper input sanitization in the web UI. A remote administrator can supply a specially crafted input parameter on a form in the web UI, then submit that form and execute arbitrary commands on the target system.
This vulnerability affects the following products if they are running an affected release of Cisco IOS XE Software:
- Cisco Catalyst 9800 Series Wireless Controllers
5) Input validation error (CVE-ID: CVE-2020-3218)
The vulnerability allows a remote user to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the web UI. A remote administrator can first create a malicious file on the affected device itself, then upload a second malicious file to the device and execute arbitrary code on the target system.
This vulnerability affects the following products if they are running an affected release of Cisco IOS XE Software:
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 3650 Series Switches
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9500 Series Switches
- Cisco Catalyst 9200 Series Switches
6) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-3209)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to an improper check in the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker with physical access can install and boot a malicious software image or execute unsigned binaries on the target device.
7) Path traversal (CVE-ID: CVE-2021-1385)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists because the affected device does not properly validate URIs in IOx API requests. A remote administrator can send a specially crafted HTTP request and read or write arbitrary files on the underlying operating system.
8) Input validation error (CVE-ID: CVE-2020-3516)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input during authentication. A remote authenticated attacker can enter unexpected characters during a valid authentication and crash the web server on the device.
Remediation
Install the update from the vendor's website.