Cisco Systems this week disclosed a dozen software vulnerabilities, including four high-severity flaws, one of which has not been patched.
The flaw with no current fix is CVE-2020-3155: a validation error in the SSL implementation of Cisco Intelligent Proximity, a solution that helps laptops, smartphones and other devices automatically discover and link with Webex video devices and collaboration endpoints. If exploited, the vulnerability could enable remote attackers to view or alter information shared on these Webex devices and endpoints.
“An attacker could exploit this vulnerability by using man-in-the-middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint,” Cisco states in a security advisory. “Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls.”
Users of Cisco’s Intelligent Proximity application, Jabber, Webex Meetings, Webex Teams and Cisco Meeting App can all be impacted by the vulnerability if the products are configured with the Proximity feature and are used to connect to on-premises devices or collaboration endpoints with the Proximity feature also enabled.
There are no workarounds, but Cisco does list mitigations in its advisory. They include disabling the Proximity pairing feature on devices and endpoints, disabling the automatic discovery of collaboration endpoints on the Proximity clients, and migrating the collaboration solution to the cloud.
The two bugs with the highest CVSS score, designated CVE-2020-3127 and CVE-2020-3128, consist of a series of vulnerabilities that could allow attackers to gain a targeted user’s privileges and then execute arbitrary code via the Cisco Webex Network Recording Player for Microsoft Windows or the Cisco Webex Player for Microsoft Windows.
According to a Cisco security advisory, the vulnerabilities are caused by “insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF).” To exploit these flaws, an adversary could send users a malicious ARF or WRF file via a link or email attachment and socially engineer the potential victim into opening the file on the local system.
Both bugs are fixed in Webex Meetings 39.5.17 and 40.0, Webex Meetings Online 1.3.49 and Webex Meetings Server 3.0MR3SecurityPatch1 and 4.0MR2SecurityPatch2.
The remaining high-severity bug was identified as a vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR). An unauthenticated, remote attacker could exploit this issue to perform a cross-site request forgery (CSRF) attack by tricking a user into clicking a malicious link while still in an active administrative session.
“A successful exploit could allow an attacker to change the device’s configuration, which could include the ability to edit or create user accounts of any privilege level,” Cisco warns in a security advisory. “Some changes to the device’s configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR.”
The issue is fixed in CPNR version 10.1.
Medium-severity vulnerabilities were found in the Webex Meetings Client for MacOS; TelePresence Management Suite; Remote PHY Device Software; Prime Collaboration Provisioning; Identity Services Engine; IOS XR Software; and Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA). Also, Cisco acknowledged that some of its wireless products are affected by the recently discovered Wi-Fi chipset vulnerability known as Kr00k.