Cisco released patches to address vulnerabilities impacting several of its products:
- Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability
- StarOS SSH Privilege Escalation Vulnerability
- Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability
- Meshed Wireless LAN Controller Impersonation Vulnerability
A flaw in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication, the notice stated. A remote attacker could gain full administrator privileges.
The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface, the advisory said. "An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system." Should an attacker gain entry, s/he could bypass authentication and execute unauthorized configuration changes or issue control commands to the affected device.
A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core, could allow an authenticated, remote attacker to gain unrestricted, root shell access, the report said. If exploited, an attacker could gain root privileges access on the router.
A remote attacker could retrieve any file from the Client Manager Server owing to an insufficient input validation bug in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler. A crafted URL sent to the Client Manager Server could open access to the attacker and enable them to steal any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server.
And, lastly, a vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology, the Cisco advisory said. An exploit could allow a remote attacker to control the traffic flowing through the impacted access point or take full control of the target system.
Cisco has released software updates that address these vulnerabilities.