My TechDecisions

IT Infrastructure, Network Security, News

Patch Now: Cisco, CISA Sound The Alarm On Four Software Flaws

The networking company released patches for vulnerabilities in Cisco Policy Suite, network switches and Cisco’s Email Security Appliance.

Leave a Comment

Cisco Live 2023
Cisco's headquarters. stock.adobe.com/Sundry Photography

Cisco and the U.S. Cybersecurity and Infrastructure Security Agency are urging organizations to apply updates that patch critical vulnerabilities in Cisco products.

The networking company released patches for several vulnerabilities this week, including two rated critical and two rated high, impacting Cisco Policy Suite, two lines of switches and Cisco’s Email Security Appliance.

The vulnerabilities are noteworthy enough that CISA issued its own advisory, urging organizations to apply the company’s patches.

Cisco Policy Suite SSH Keys Vulnerability (CVE-2021-40119)

The company identified a vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite that could allow an unauthenticated, remote attacker to log in to an affected system as the root user, the company said in an advisory.

According to NIST’s national vulnerability database, the vulnerability is due to the re-use of static SSH keys across installations. Threat actors can exploit this by extracting a key from a system under their control and log into a system as the root user.

Cisco rates this vulnerability as 9.8.

Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities (CVE-2021-34795, CVE-2021-40112, CVE-2021-40113)

Cisco identified a trio of vulnerabilities in its Catalyst Passive Optical Network Series Switches Optical Network Terminal that it scores 10.0, meaning this is as critical s it gets.

According to the company, these vulnerabilities could allow a remote unauthenticated attacker to log in with a default credential if the Telnet protocol is enabled, perform command injection and modify the configuration.

An attacker doesn’t need to exploit one vulnerability to exploit another, and a software release affected by one of the vulnerabilities may not be affected by others, the company says.

  • The specific products affected include: Catalyst PON Switch CGP-ONT-1P
  • Catalyst PON Switch CGP-ONT-4P
  • Catalyst PON Switch CGP-ONT-4PV
  • Catalyst PON Switch CGP-ONT-4PVC
  • Catalyst PON Switch CGP-ONT-4TVCW

Cisco Small Business Series Switches Session Credentials Replay Vulnerability (CVE-2021-34739)

This vulnerability in the web-based management interface of Cisco’s line of Small Business switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain access to the web-based management interface of an affected device.

According to Cisco, this is due to insufficient expiration of session credentials. This is exploited by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and replaying the intercepted credentials toward the same device at a later time.

This vulnerability, given a severity score of 8.1 could result in a hacker accessing the web-based management interface with admin privileges.

Impacted devices include:

  • 250 Series Smart Switches
  • 350 Series Managed Switches
  • 350X Series Stackable Managed Switches
  • 550X Series Stackable Managed Switches
  • Business 250 Series Smart Switches
  • Business 350 Series Managed Switches
  • ESW2 Series Advanced Switches
  • Small Business 200 Series Smart Switches
  • Small Business 300 Series Managed Switches
  • Small Business 500 Series Stackable Managed Switches

Cisco Email Security Appliance Denial of Service Vulnerability (CVE-2021-34741)

This vulnerability, assigned a score of 7.5, is in the email scanning algorithm of Cisco AsyncOS software for the Cisco Email Security Appliance that could allow a remote attacker to perform a denial of service attack on an affected device.

According to Cisco, this is due to insufficient input validation of incoming emails. It can be exploited by sending a crafted email through Cisco ESA, which could allow an attacker to exhaust the available CPU resources on the affected device for an extended period of time, preventing other emails from being processed.

For more information on these vulnerabilities and lower-severity vulnerabilities and patches, visit Cisco’s security advisory page.

 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ