Three critical vulnerabilities have been found in Cisco products. More specifically, Cisco IOS and IOS XE contain two flaws, CVE-2018-0151 and CVE-2018-171. The third flaw affects only Cisco IOS XE Software. If exploited, it could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password used at initial boot.
1. CVE-2018-0151
Here’s the official description:
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
The vulnerability stems from incorrect bounds checking of certain values in packets for UDP port 18999 of an affected device. An attacker could exploit this bug by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may take place.
If successfully exploited, an attacker could execute arbitrary code on the targeted device with elevated privileges. On top of that, the attacker could also exploit the bug to cause the device to reload, leading to a temporary DoS condition while the device is reloading.
The vulnerability needs to be patched as soon as possible, and Cisco has prepared software updates. However, a workaround is possible for CVE-2018-0151: blocking traffic to UDP port 18999, researchers say.
2. CVE-2018-171
Official description:
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.
To be more specific, an attacker exploiting this flaw could send a malicious message to TCP port 4786 on a client device and could either trigger a denial of service attack or create conditions for remote code execution. There are no workarounds that address this flaw, Cisco said.
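A defender-side check for the two ports named above, as an added example that is not from the article or from Cisco: it scans flow records for traffic to UDP 18999 and TCP 4786 reaching network devices from outside a management range. The record format, the address ranges and the sample lines are constructed assumptions.

```python
import ipaddress

# Ports taken from the article, labelled with the CVE ids as the article writes them.
WATCHED = {("udp", 18999): "CVE-2018-0151 (QoS subsystem)",
           ("tcp", 4786): "CVE-2018-171 (Smart Install)"}

# Assumptions: routers/switches live in DEVICE_NET; only MGMT_NET should reach these ports.
DEVICE_NET = ipaddress.ip_network("10.0.0.0/24")
MGMT_NET = ipaddress.ip_network("10.0.50.0/28")

# Constructed sample records, one per line: proto src dst dport action
SAMPLE_FLOWS = """\
udp 198.51.100.7 10.0.0.1 18999 permit
udp 198.51.100.7 10.0.0.2 18999 deny
tcp 10.0.50.3 10.0.0.1 4786 permit
tcp 203.0.113.9 10.0.0.3 4786 permit
tcp 203.0.113.9 10.0.0.3 22 permit
udp 10.0.50.4 192.0.2.10 18999 permit
garbage line
"""

def audit_flows(text):
    """Return (line_no, status, src, dst, label) for watched-port traffic to devices."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        proto, src, dst, dport, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        label = WATCHED.get((proto.lower(), port))
        if label is None or dst_ip not in DEVICE_NET or src_ip in MGMT_NET:
            continue
        # "permit" means the packet reached the device: the filter is missing or too wide.
        status = "exposed" if action.lower() == "permit" else "blocked-attempt"
        findings.append((line_no, status, src, dst, label))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

An "exposed" hit on UDP 18999 means the blocking workaround is not in effect on that path; for TCP 4786 the article notes no workaround, so a hit there marks a device to prioritise for the software update.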
3. CVE-2018-015
According to Cisco’s security advisory:
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.
The vulnerability is caused by an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to a targeted device. If successfully exploited, the attacker could log in to the device with privilege level 15 access, Cisco said.