Severity
High
Analysis Summary
Cisco has updated multiple security advisories to warn that several old vulnerabilities affecting its products are being actively exploited. These vulnerabilities were rated critical or high, and all of them carried a CVSS score of 9.8.
Many of these 'critical' or 'high' severity vulnerabilities were patched four to five years ago, but organizations that have not updated their devices remain at risk.
Recently, Cisco warned organizations through more than 20 updated advisories about the increased risk to Cisco IOS, NX-OS, and HyperFlex software.
“In March 2022, the Cisco Product Security Incident Response Team (PSIRT) became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.”
The following critical vulnerabilities are being exploited in attacks:
CVE-2017-12240
Cisco IOS and Cisco IOS XE could allow a remote attacker to execute arbitrary code on the system, caused by a buffer overflow condition in the DHCP relay subsystem. By sending a specially crafted DHCP Version 4 (DHCPv4) packet, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVE-2018-0171
Cisco IOS and Cisco IOS XE are vulnerable to a buffer overflow, caused by improper bounds checking by the Smart Install feature. By sending a specially crafted Smart Install message to an affected device on TCP port 4786, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2018-0125
Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by incomplete input validation of user-controlled input in an HTTP request to the web interface. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code with root privileges or cause the device to reload.
CVE-2021-1497
Cisco HyperFlex HX Installer Virtual Machine could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of input in the Web-based management interface. By sending a specially crafted request, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the device with root privileges.
CVE-2018-0147
Cisco Secure Access Control System (ACS) could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content. By sending a specially crafted serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.
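The CVE-2018-0171 description above names the one network-observable detail in this advisory: Smart Install listens on TCP port 4786. A defender can use that to check whether Smart Install on network devices is reachable from anywhere other than the management network. The following script is an added example, not code from Rewterz or Cisco; the flow-log format, the management subnet, the device addresses and the sample records are all constructed for the illustration.

```python
"""Flag connections to TCP/4786 (Cisco Smart Install) on network devices that
originate outside the trusted management network, over constructed flow records."""
import ipaddress
from collections import defaultdict

SMART_INSTALL_PORT = 4786  # TCP port named in the CVE-2018-0171 description

# Constructed: the management subnet and the switches that run Smart Install.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]
NETWORK_DEVICES = {"10.20.0.5", "10.20.0.6"}

# Constructed NetFlow-style records: "src dst proto dport bytes"
SAMPLE_FLOWS = """\
10.10.0.15 10.20.0.5 tcp 4786 512
198.51.100.77 10.20.0.5 tcp 4786 4096
198.51.100.77 10.20.0.6 tcp 4786 8192
10.10.0.15 10.20.0.5 tcp 22 2048
203.0.113.9 10.20.0.6 tcp 443 900
"""


def parse_flow(line):
    """Split one whitespace-separated flow record into a dict."""
    src, dst, proto, dport, nbytes = line.split()
    return {"src": src, "dst": dst, "proto": proto.lower(),
            "dport": int(dport), "bytes": int(nbytes)}


def is_trusted(ip):
    """True if the source address lies inside a trusted management subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_MGMT_NETS)


def find_smart_install_exposure(flow_text):
    """Return {src: [dst, ...]} for untrusted sources that reached
    TCP/4786 on a known network device."""
    hits = defaultdict(list)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["proto"] != "tcp" or flow["dport"] != SMART_INSTALL_PORT:
            continue
        if flow["dst"] not in NETWORK_DEVICES:
            continue
        if is_trusted(flow["src"]):
            continue
        hits[flow["src"]].append(flow["dst"])
    return dict(hits)


if __name__ == "__main__":
    for src, dsts in find_smart_install_exposure(SAMPLE_FLOWS).items():
        targets = ", ".join(sorted(set(dsts)))
        print(f"ALERT: untrusted source {src} reached Smart Install on {targets}")
```

Any hit here means Smart Install is reachable from outside the management plane and the device should be patched, or the feature disabled, before anything else. The same filter works against a real export once `parse_flow` is adapted to the collector's field order.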
Impact
- Code Execution
- Buffer Overflow
- Command Execution
Indicators Of Compromise
CVE
- CVE-2017-12240
- CVE-2018-0171
- CVE-2018-0125
- CVE-2018-0147
- CVE-2021-1497
Affected Vendors
Cisco
Affected Products
- Cisco IOS 12.2
- Cisco IOS XE 16.1.1
- Cisco RV132W ADSL2+ Wireless-N VPN Router
- Cisco RV134W VDSL2 Wireless-AC VPN Router
- Cisco Secure Access Control Server 5.8
- Cisco HyperFlex HX Installer Virtual Machine 4.0
- Cisco HyperFlex HX Installer Virtual Machine 4.5
Remediation
Organizations are advised to review Cisco's security advisories for these vulnerabilities and apply the security patches provided by the company.
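The first step in acting on this advisory is finding which inventory entries match the affected products and versions listed above. The script below is an added example, not Rewterz or Cisco code: the product/version entries and their CVE mapping are taken from this advisory, the shortened product names used as match keys and the semicolon-separated inventory format are assumptions, and the inventory lines are constructed. It flags only the versions the advisory lists; the vendor advisories remain the authority on the full affected range.

```python
"""Triage a device inventory against the affected products in this advisory.
Affected entries and CVE mapping come from the advisory text; the inventory
format and sample lines are constructed for the example."""

# (product, version prefix or None, CVEs). Product names are shortened match
# keys (assumption); a None version means the advisory lists no version.
AFFECTED = [
    ("Cisco IOS", "12.2", ["CVE-2017-12240", "CVE-2018-0171"]),
    ("Cisco IOS XE", "16.1.1", ["CVE-2017-12240", "CVE-2018-0171"]),
    ("Cisco RV132W", None, ["CVE-2018-0125"]),
    ("Cisco RV134W", None, ["CVE-2018-0125"]),
    ("Cisco Secure Access Control Server", "5.8", ["CVE-2018-0147"]),
    ("Cisco HyperFlex HX Installer Virtual Machine", "4.0", ["CVE-2021-1497"]),
    ("Cisco HyperFlex HX Installer Virtual Machine", "4.5", ["CVE-2021-1497"]),
]

# Constructed inventory export: "hostname;product;version"
SAMPLE_INVENTORY = """\
core-sw1;Cisco IOS;12.2(55)SE12
edge-rtr1;Cisco IOS XE;16.1.1
edge-rtr2;Cisco IOS XE;17.9.4
branch-gw;Cisco RV134W;1.0.1.21
acs-01;Cisco Secure Access Control Server;5.8
hx-inst;Cisco HyperFlex HX Installer Virtual Machine;4.5(2a)
"""


def version_matches(version, affected_prefix):
    """Match a release train by prefix, so '12.2(55)SE12' matches '12.2'
    but '12.25' does not. None matches any version."""
    if affected_prefix is None:
        return True
    return (version == affected_prefix
            or version.startswith(affected_prefix + "(")
            or version.startswith(affected_prefix + "."))


def triage(inventory_text):
    """Return [(host, product, version, [cve, ...]), ...] for matching devices."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, product, version = line.split(";")
        cves = set()
        for aff_product, aff_version, aff_cves in AFFECTED:
            if product == aff_product and version_matches(version, aff_version):
                cves.update(aff_cves)
        if cves:
            findings.append((host, product, version, sorted(cves)))
    return findings


if __name__ == "__main__":
    for host, product, version, cves in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} -> review {', '.join(cves)}")
```

Each flagged host maps back to the advisory entries that apply to it, which gives a patch list to take to the vendor advisories; hosts on other release trains are not flagged by this script and still need to be checked against Cisco's full affected-version lists.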