Three critical vulnerabilities have found in Cisco products. More specifically, Cisco’s IOS and IOS XE contain two flaws – CVE-2018-0151 and CVE-2018-171. The third flaw concerns only Cisco IOS XE Software. If exploited, it could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password used at initial boot.
1. CVE-2018-0151
Here’s the official description:
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
The vulnerability stems from incorrect bounds checking of certain values in packets for UDP port 18999 of an affected device. An attacker could exploit this bug by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may take place.
If exploited successfully, an attacker could execute arbitrary code on the targeted device with elevated privileges. On top of that, the attacker could also exploit the bug to cause the device to reload, leading to a temporary DoS condition in the time the device is reloading.
The vulnerability needs to be patched as soon as possible, and Cisco has prepared software updates. However, a workaround is possible with CVE-2018-0151 – blocking traffic to UDP 18999, researchers say.
2. CVE-2018-171
Official description:
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.
To be more specific, an attacker exploiting this flaw could send a malicious message to TCP port 4786 on a client device and could either trigger a denial of service attack or create conditions for remote code execution. There are no workarounds that address this flaw, Cisco said.
3. CVE-2018-015
According to Cisco’s security advisory:
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.
The vulnerability is caused by an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to a targeted device. If exploited successfully, the attacker could log in to the device with privilege level 15 access, Cisco said.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: