Rewterz Threat Advisory – Multiple Cisco IOS XE Software Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2020-3224

The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands into the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition.

CVE-2020-3229

The vulnerability is due to incorrect handling of role-based access control (RBAC) for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker, as a Read-Only user, to execute CLI commands or make configuration changes as if they were an Admin user.

CVE-2020-3211

The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise.

CVE-2020-3212

The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device.

CVE-2020-3219

The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.

CVE-2020-3200

The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Impact

  • Denial of service
  • Privilege escalation
  • Gain access

Affected Vendors

Cisco

Affected Products

Cisco IOS XE Software

Remediation

Refer to the vendor’s advisory for the complete list of affected products and upgraded patches.

https://tools.cisco.com/security/center/publicationListing.x