Hackers can leverage CSRF flaws to force the execution of unwanted actions in web pages or applications where the victim user is already authenticated. These attacks are delivered via a malicious link, and the forged action is executed with the privileges of the logged-in user.
Identified as CVE-2019-1904, the vulnerability affects outdated versions of Cisco IOS XE and has a severity score of 8.8 out of 10. It exists in the web-based user interface of the product. "The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link," Cisco says in the advisory.
Successful exploitation enables attackers to perform arbitrary actions on the affected device. Since the attack depends on the victim being logged in, an attacker who fools an administrator into clicking the malicious link could modify the configuration, run commands, or reload the vulnerable device.
This is only possible on systems where the HTTP Server feature is active, a state that is not the default across all versions of the software. The network equipment maker says that disabling the HTTP Server feature may be adequate mitigation until the device can be upgraded. Administrators can disable it with the no ip http server or no ip http secure-server command in global configuration mode; if both the HTTP server and the HTTPS (secure) server are enabled, both commands are required to disable the web UI.
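The mitigation above has one easy-to-miss detail: a device with both ip http server and ip http secure-server enabled needs both no commands, or the web UI (and the CSRF exposure) stays reachable over the remaining listener. The following script is an added example, not code from the article or from Cisco. It audits the text of a show running-config capture for the two enabling commands and emits exactly the global-configuration commands still needed; the sample configurations are constructed for illustration, and the hostnames in them are made up.

```python
"""Audit an IOS XE running-config for the HTTP Server (web UI) feature.

Added example: parses `show running-config` text, reports which of the
two web-server listeners (`ip http server`, `ip http secure-server`) are
enabled, and produces the `no ...` commands needed to disable every
listener that is still on. The sample configs below are constructed.
"""

# Constructed sample: both the HTTP and HTTPS listeners are enabled.
SAMPLE_CONFIG_BOTH = """\
!
hostname edge-rtr-1
!
ip http server
ip http secure-server
ip http authentication local
!
line vty 0 4
 transport input ssh
!
"""

# Constructed sample: HTTPS already disabled explicitly, plain HTTP still on.
SAMPLE_CONFIG_HTTP_ONLY = """\
hostname edge-rtr-2
no ip http secure-server
ip http server
"""

# Constructed sample: web UI fully disabled, nothing left to do.
SAMPLE_CONFIG_DISABLED = """\
hostname edge-rtr-3
no ip http server
no ip http secure-server
"""

# feature name -> (enabling command, disabling command), in remediation order
HTTP_FEATURES = {
    "http": ("ip http server", "no ip http server"),
    "https": ("ip http secure-server", "no ip http secure-server"),
}


def enabled_http_features(running_config):
    """Return the set of web-server listeners ('http', 'https') that are enabled.

    A listener counts as enabled when its enabling command appears as a
    whole line without a leading 'no '. The explicit 'no' form (which the
    running-config shows on platforms where the feature defaults to on)
    marks it disabled. Later lines win if a capture contains both forms.
    """
    enabled = set()
    for raw in running_config.splitlines():
        line = raw.strip()
        for name, (on_cmd, _off_cmd) in HTTP_FEATURES.items():
            if line == on_cmd:
                enabled.add(name)
            elif line == "no " + on_cmd:
                enabled.discard(name)
    return enabled


def remediation_commands(running_config):
    """Return the list of 'no ...' commands needed to disable every enabled listener."""
    enabled = enabled_http_features(running_config)
    # Iterate HTTP_FEATURES (not the set) so the order is deterministic.
    return [off_cmd for name, (_on, off_cmd) in HTTP_FEATURES.items() if name in enabled]


def remediation_script(running_config):
    """Wrap the remediation commands in a global-configuration session.

    Returns None when the web UI is already fully disabled.
    """
    cmds = remediation_commands(running_config)
    if not cmds:
        return None
    return "\n".join(["configure terminal", *cmds, "end"])


if __name__ == "__main__":
    for label, cfg in (("both", SAMPLE_CONFIG_BOTH),
                       ("http-only", SAMPLE_CONFIG_HTTP_ONLY),
                       ("disabled", SAMPLE_CONFIG_DISABLED)):
        print(f"[{label}] enabled listeners: {sorted(enabled_http_features(cfg)) or 'none'}")
        script = remediation_script(cfg)
        print(script if script else "  nothing to do")
```

Feed it the output of show running-config from the device under review; after applying the emitted commands, re-run the audit on a fresh capture (or check show ip http server status on the device) to confirm that neither listener is still enabled.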
CISCO IOS XE SOFTWARE PATCH
Cisco today released an updated version of its IOS XE software to patch a high-severity cross-site request forgery (CSRF) vulnerability.
CISCO IOS XE SOFTWARE CODE
The most severe of the issues is CVE-2021-34770, which Cisco calls a "logic error" that occurs during the processing of CAPWAP (Control And Provisioning of Wireless Access Points) packets, the protocol that lets a central wireless controller manage a group of wireless access points. "An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device," the company noted in its advisory. "A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition." CVE-2021-34727, on the other hand, concerns an insufficient bounds check when accepting incoming network traffic on the device, allowing an attacker to transmit specially crafted traffic that could result in the execution of arbitrary code with root-level privileges or cause the device to reload.
CISCO IOS XE SOFTWARE SERIES
1000 Series Integrated Services Routers (ISRs), 4000 Series ISRs, ASR 1000 Series Aggregation Services Routers, and Cloud Services Router 1000V Series devices that have the SD-WAN feature enabled are impacted by the flaw.
Lastly, CVE-2021-1619 relates to an "uninitialized variable" in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software that could permit an authenticated, remote adversary to "install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting in a DoS." Also addressed by Cisco are 15 high-severity vulnerabilities and 15 medium-severity flaws affecting different components of the IOS XE software as well as the Cisco Access Points platform and Cisco SD-WAN vManage Software. Users and administrators are advised to apply the necessary updates to mitigate the risk of exploitation by malicious actors.