Cisco's subscriber management software needs immediate patch
Switchzilla's also looking for any Dirty COWs in its code
Service providers using Cisco's Prime to manage consumers' networks need to run in a critical patch.
The vulnerability Cisco turned up gives a remote attacker full administrative privileges over the system, thanks to its Web GUI.
A crafted HTTP request to a particular URL lets an attacker “obtain a valid session identifier for an arbitrary user” – all the way up to administrator.
The problem affects Cisco Prime Home versions 5.1.1.6 and earlier (all need to be migrated to 5.1.1.7), and 5.2.2.2 and earlier (migrate to 5.2.2.3); versions 6.0 and later are in the clear.
The other critical patch for this week is in the company's ASR 900 Series aggregation router: the remote POP device is subject to remote code execution.
“The vulnerability exists because the affected software performs incomplete bounds checks on input data,” the advisory says.
A malicious request to its TL1 port can force a reload of the router, opening the window for an attacker to execute arbitrary code, get control, or force a reload.
The bug is present on ASR 901, ASR 901 10G, ASR 901S, and ASR 920 routers, running versions 3.17.0S, 3.17.1S, 3.17.2S, 3.18.0S, and 3.18.1S of the IOS XE software.
Switchzilla also recommends sysadmins with ASR 900s run a stack trace to see if they've been compromised. The indicator is that the TL1 helper process has crashed. You'll see a message like this:
Exception to IOS Thread: Frame pointer 0x348D3D18, PC = 0x150255E4
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = TL1 Helper Process -Traceback= 1#c2f8cd10bbd769d41be54f5792c0ec33 :10000000+50255E4 :10000000+33DEED0 :10000000+33DEED0 :10000000+33D6718 :10000000+33D5444
Infrastructure Access Control (IAC) lists can be used as a workaround, and a patch is available.
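To check collected router logs for that indicator, the following Python script (an added example, not Cisco's or the article's code) flags crash lines naming the TL1 helper process and resolves their traceback frames. The function names and the third sample log line are constructed for illustration; the version list is the one given above.

```python
import re

# Affected IOS XE releases, as listed in the article.
AFFECTED_VERSIONS = {"3.17.0S", "3.17.1S", "3.17.2S", "3.18.0S", "3.18.1S"}

# Patterns derived from the sample crash message quoted in the article.
SIGNAL_RE = re.compile(
    r"UNIX-EXT-SIGNAL:\s*(?P<signal>[^,]+),\s*Process\s*=\s*(?P<process>.+?)"
    r"\s*-Traceback=\s*(?P<trace>.*)$"
)
FRAME_RE = re.compile(r":([0-9A-Fa-f]+)\+([0-9A-Fa-f]+)")

# First two lines are the article's sample; the third is constructed to show
# that a crash in a different process is not flagged.
SAMPLE_LOG = [
    "Exception to IOS Thread: Frame pointer 0x348D3D18, PC = 0x150255E4",
    "UNIX-EXT-SIGNAL: Segmentation fault(11), Process = TL1 Helper Process "
    "-Traceback= 1#c2f8cd10bbd769d41be54f5792c0ec33 :10000000+50255E4 "
    ":10000000+33DEED0 :10000000+33DEED0 :10000000+33D6718 :10000000+33D5444",
    "UNIX-EXT-SIGNAL: Segmentation fault(11), Process = Example Process "
    "-Traceback= 1#00000000000000000000000000000000 :10000000+1000",
]


def find_tl1_crashes(lines):
    """Return one record per crash line whose process is the TL1 helper."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = SIGNAL_RE.search(line)
        if not m or "tl1 helper" not in m.group("process").lower():
            continue
        # Each frame is printed as :base+offset; sum them for the address.
        frames = [hex(int(base, 16) + int(off, 16))
                  for base, off in FRAME_RE.findall(m.group("trace"))]
        hits.append({"line": lineno, "signal": m.group("signal").strip(),
                     "process": m.group("process"), "frames": frames})
    return hits


def is_affected(version):
    """True if the release string is one the article lists as affected."""
    return version.strip().upper() in AFFECTED_VERSIONS


if __name__ == "__main__":
    for hit in find_tl1_crashes(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['process']} {hit['signal']} "
              f"top frame {hit['frames'][0]}")
```

On the article's sample, the first resolved frame equals the PC value in the preceding exception line, which is a quick sanity check that the two lines belong to the same crash.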
Other advisories that landed today (US time) include:
- Cisco Meeting Server and App have a high-rated buffer underflow; and the Meeting Server's Session Description Protocol has a high-rated buffer overrun;
- Telepresence endpoints are vulnerable to local command injection;
- The Application Policy Infrastructure Controller is vulnerable to denial-of-service;
- The e-mail security appliance's filtering can be bypassed with an RAR file attachment;
- ASR 5500 Series routers with DPC2 cards can be hosed.
Finally, Switchzilla has announced it's investigating whether any of its Linux kernel implementations are herding a Dirty COW. ®