Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2020-3229 CVE-2020-3219 CVE-2021-1446 CVE-2020-3211 CVE-2020-3218 CVE-2020-3209 CVE-2021-1385 CVE-2020-3516 |
CWE-ID | CWE-264 CWE-77 CWE-754 CWE-20 CWE-347 CWE-22 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Stratix 5800 Hardware solutions / Routers & switches, VoIP, GSM, etc |
Vendor | Rockwell Automation |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU28565
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3229
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect handling of Role Based Access Control (RBAC) functionality for the administration GUI. A remote authenticated attacker can send a modified HTTP request and execute CLI commands or configuration changes with elevated privileges.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
Mitigation
Install update from vendor's website.
Vulnerable software versionsStratix 5800: before 16.12.01
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-300-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28760
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3219
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the system.
The vulnerability exists due to improper input sanitization in the web UI. A remote authenticated attacker can submit a specially crafted input and execute arbitrary commands on the target system.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
Mitigation
Install update from vendor's website.
Vulnerable software versionsStratix 5800: before 16.12.01
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-300-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51769
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1446
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a logic error that occurs when an affected device inspects certain DNS packets. A remote attacker can send specially crafted DNS packets and cause denial of service condition.
MitigationInstall update from vendor's website.
Vulnerable software versionsStratix 5800: before 16.12.01
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-300-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28568
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3211
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to improper input sanitization in the web UI. A remote administrator can supply a specially crafted input parameter on a form in the web UI, then submit that form and execute arbitrary commands on the target system.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
Mitigation
Install update from vendor's website.
Vulnerable software versionsStratix 5800: before 16.12.01
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-300-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28762
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3218
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the web UI. A remote administrator can first create a malicious file on the affected device itself, then upload a second malicious file to the device and execute arbitrary code on the target system.
This vulnerability affects the following products if they are running affected release of Cisco IOS XE Software:
Mitigation
Install update from vendor's website.
Vulnerable software versionsStratix 5800: before 16.12.01
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-300-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68872
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3209
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker with physical access can install and boot a malicious software image or execute unsigned binaries on the target device.
MitigationInstall update from vendor's website.
Vulnerable software versionsStratix 5800: before 16.12.01
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-300-03
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51731
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1385
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to the affected device does not properly validate URIs in IOx API requests. A remote administrator can send a specially crafted HTTP request and read or write arbitrary files on the underlying operating system.
MitigationInstall update from vendor's website.
Vulnerable software versionsStratix 5800: before 16.12.01
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-300-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU47214
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3516
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input during authentication. A remote authenticated attacker can enter unexpected characters during a valid authentication and crash the web server on the device.
MitigationInstall update from vendor's website.
Vulnerable software versionsStratix 5800: before 16.12.01
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-300-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.