Three critical vulnerabilities have found in Cisco products. More specifically, Cisco’s IOS and IOS XE contain two flaws – CVE-2018-0151 and CVE-2018-171. The third flaw concerns only Cisco IOS XE Software. If exploited, it could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password used at initial boot.
Here’s the official description:
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
The vulnerability stems from incorrect bounds checking of certain values in packets for UDP port 18999 of an affected device. An attacker could exploit this bug by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may take place.
If exploited successfully, an attacker could execute arbitrary code on the targeted device with elevated privileges. On top of that, the attacker could also exploit the bug to cause the device to reload, leading to a temporary DoS condition in the time the device is reloading.
The vulnerability needs to be patched as soon as possible, and Cisco has prepared software updates. However, a workaround is possible with CVE-2018-0151 – blocking traffic to UDP 18999, researchers say.
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.
To be more specific, an attacker exploiting this flaw could send a malicious message to TCP port 4786 on a client device and could either trigger a denial of service attack or create conditions for remote code execution. There are no workarounds that address this flaw, Cisco said.
According to Cisco’s security advisory:
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.
The vulnerability is caused by an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to a targeted device. If exploited successfully, the attacker could log in to the device with privilege level 15 access, Cisco said.