Multiple vulnerabilities in Rockwell Automation Stratix 5800 switches containing Cisco IOS



Published: 2022-11-01
Risk Medium
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2020-3229
CVE-2020-3219
CVE-2021-1446
CVE-2020-3211
CVE-2020-3218
CVE-2020-3209
CVE-2021-1385
CVE-2020-3516
CWE-ID CWE-264
CWE-77
CWE-754
CWE-20
CWE-347
CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Stratix 5800
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Rockwell Automation

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU28565

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3229

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect handling of Role Based Access Control (RBAC) functionality for the administration GUI. A remote authenticated attacker can send a modified HTTP request and execute CLI commands or configuration changes with elevated privileges.

This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software: 

  • Cisco Integrated Services Virtual Router
  • Cisco ASR 1000 Series Aggregation Services Routers
  • Cisco Catalyst 3850 Series Switches
  • Cisco Catalyst 3650 Series Switches
  • Cisco 1000 Series Integrated Services Routers
  • Cisco Catalyst 9300 Series Switches
  • Cisco Catalyst 9500 Series Switches
  • Cisco Catalyst 9200 Series Switches
  • Cisco Catalyst 9800 Series Wireless Controllers

Mitigation

Install update from vendor's website.

Vulnerable software versions

Stratix 5800: before 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-300-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command Injection

EUVDB-ID: #VU28760

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3219

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the system.

The vulnerability exists due to improper input sanitization in the web UI. A remote authenticated attacker can submit a specially crafted input and execute arbitrary commands on the target system.

This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software: 

  • Cisco Catalyst 3850 Series Switches
  • Cisco Catalyst 3650 Series Switches
  • Cisco Catalyst 9300 Series Switches
  • Cisco Catalyst 9500 Series Switches
  • Cisco Catalyst 9200 Series Switches

Mitigation

Install update from vendor's website.

Vulnerable software versions

Stratix 5800: before 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-300-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU51769

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1446

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a logic error that occurs when an affected device inspects certain DNS packets. A remote attacker can send specially crafted DNS packets and cause denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Stratix 5800: before 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-300-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Command Injection

EUVDB-ID: #VU28568

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3211

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the system.

The vulnerability exists due to improper input sanitization in the web UI. A remote administrator can supply a specially crafted input parameter on a form in the web UI, then submit that form and execute arbitrary commands on the target system.

This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software: 

  • Cisco Catalyst 9800 Series Wireless Controllers

Mitigation

Install update from vendor's website.

Vulnerable software versions

Stratix 5800: before 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-300-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU28762

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the web UI. A remote administrator can first create a malicious file on the affected device itself, then upload a second malicious file to the device and execute arbitrary code on the target system.

This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software: 

  • Cisco Catalyst 3850 Series Switches
  • Cisco Catalyst 3650 Series Switches
  • Cisco Catalyst 9300 Series Switches
  • Cisco Catalyst 9500 Series Switches
  • Cisco Catalyst 9200 Series Switches

Mitigation

Install update from vendor's website.

Vulnerable software versions

Stratix 5800: before 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-300-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU68872

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3209

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker with physical access can install and boot a malicious software image or execute unsigned binaries on the target device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Stratix 5800: before 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-300-03


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Path traversal

EUVDB-ID: #VU51731

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1385

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to the affected device does not properly validate URIs in IOx API requests. A remote administrator can send a specially crafted HTTP request and read or write arbitrary files on the underlying operating system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Stratix 5800: before 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-300-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU47214

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3516

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input during authentication. A remote authenticated attacker can enter unexpected characters during a valid authentication and crash the web server on the device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Stratix 5800: before 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-22-300-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###