Cisco mends high-severity bugs across three product lines

Cisco Systems on Wednesday issued software updates for three separate product lines, in each case rectifying a high-severity vulnerability that could allow remote attackers to either elevate privileges or trigger a denial-of-service condition.

According to a Sept. 20 US-CERT security alert, the three bugs consist of a privilege escalation vulnerability in the Unified Customer Voice Portal (CVP), and DoS bugs in the Email Security Application and various Small Business Managed Switches.

The CVP bug (CVE-2017-12214) resides specifically within the product's Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality, and is the result of improper input validation. A Cisco security advisory reports that attackers can exploit this flaw to gain administrator privileges "by authenticating to the OAMP and sending a crafted HTTP request." Version 11.6 of the portal software fixes this problem. 

The DoS flaw in the Email Security Application (CVE-2017-12215) is due to improper input validation by the AsyncOS operating system's message filtering feature. Unauthenticated, remote attackers can exploit this bug using email attachments that contain corrupted fields designed to trigger the erroneous validation. Consequently, the device runs out of memory, causing the filtering process to repeatedly crash. A Cisco security advisory reports that version 9.7.2-065 resolves this problem.

Finally, the DoS vulnerability in Cisco's Small Business Managed Switches (CVE-2017-6720) is found in the Secure Shell (SSH) subsystem of the following products:

  • Cisco Small Business 300 Series Managed Switches
  • Cisco Small Business 500 Series Stackable Managed Switches
  • Cisco 350 Series Managed Switches
  • Cisco 350X Series Stackable Managed Switches
  • Cisco 550X Series Stackable Managed Switches
  • Cisco ESW2 Series Advanced Switches

A Cisco advisory reports that the flaw results from the improper processing of SSH connections, and that authenticated remote attackers can trigger a DoS condition by "logging in to an affected switch via SSH and sending a malicious SSH message," causing a reload of the affected switch. The affected switch products listed above are fixed with the release of either version 1.4.8.06 or version 2.3.0.130.

Bradley Barth
