Cisco and the U.S. Cybersecurity and Infrastructure Security Agency are urging organizations to apply updates that patch critical vulnerabilities in Cisco products.
The networking company released patches for several vulnerabilities this week, including two rated critical and two rated high, impacting Cisco Policy Suite, two lines of switches and Cisco’s Email Security Appliance.
The vulnerabilities are noteworthy enough that CISA issued its own advisory, urging organizations to apply the company’s patches.
Cisco Policy Suite SSH Keys Vulnerability (CVE-2021-40119)
The company identified a vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite that could allow an unauthenticated, remote attacker to log in to an affected system as the root user, the company said in an advisory.
According to NIST’s National Vulnerability Database, the vulnerability is due to the re-use of static SSH keys across installations. Threat actors can exploit this by extracting a key from a system under their control and using it to log in to an affected system as the root user.
Cisco rates this vulnerability as 9.8.
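A defensive audit for the root cause described above (the same SSH key present on more than one installation), given here as an added example that is not from Cisco's advisory or the original article. It assumes you have already collected each host's public-key text (for example, authorized_keys content) into a dictionary; the host names and key blobs are constructed placeholders, not real keys.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(pubkey_line):
    """Return the OpenSSH-style SHA256 fingerprint of one public-key line, or None."""
    fields = pubkey_line.split()
    for i, field in enumerate(fields):
        # authorized_keys lines may begin with options, so scan for the key-type
        # token (ssh-rsa, ssh-ed25519, ecdsa-..., sk-...) that precedes the blob.
        if field.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(fields):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:  # malformed base64: not a usable key line
                return None
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def shared_keys(inventory):
    """Map fingerprint -> sorted host list for keys found on more than one host."""
    seen = defaultdict(set)
    for host, text in inventory.items():
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            fp = fingerprint(line)
            if fp:
                seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

# Constructed placeholder blobs (not real SSH keys) and a constructed inventory.
KEY_A = base64.b64encode(b"constructed-key-material-A").decode()
KEY_B = base64.b64encode(b"constructed-key-material-B").decode()
KEY_C = base64.b64encode(b"constructed-key-material-C").decode()
SAMPLE = {
    "host-a": f"ssh-rsa {KEY_A} root@install\n",
    "host-b": f"# provisioned key\nno-pty ssh-rsa {KEY_A} root@install\n"
              f"ssh-ed25519 {KEY_B} admin@b\n",
    "host-c": f"ssh-ed25519 {KEY_C} admin@c\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE).items():
        print(f"{fp} is shared by: {', '.join(hosts)}")
```

Any fingerprint reported here identifies a key that grants access to every listed host if it is extracted from just one of them.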
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities (CVE-2021-34795, CVE-2021-40112, CVE-2021-40113)
Cisco identified a trio of vulnerabilities in its Catalyst Passive Optical Network Series Switches Optical Network Terminal that it scores 10.0, meaning this is as critical as it gets.
According to the company, these vulnerabilities could allow a remote unauthenticated attacker to log in with a default credential if the Telnet protocol is enabled, perform command injection and modify the configuration.
An attacker doesn’t need to exploit one vulnerability to exploit another, and a software release affected by one of the vulnerabilities may not be affected by others, the company says.
The specific products affected include:
- Catalyst PON Switch CGP-ONT-1P
- Catalyst PON Switch CGP-ONT-4P
- Catalyst PON Switch CGP-ONT-4PV
- Catalyst PON Switch CGP-ONT-4PVC
- Catalyst PON Switch CGP-ONT-4TVCW
Cisco Small Business Series Switches Session Credentials Replay Vulnerability (CVE-2021-34739)
This vulnerability in the web-based management interface of Cisco’s line of Small Business switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain access to the web-based management interface of an affected device.
According to Cisco, this is due to insufficient expiration of session credentials. This is exploited by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and replaying the intercepted credentials toward the same device at a later time.
This vulnerability, given a severity score of 8.1, could result in a hacker accessing the web-based management interface with admin privileges.
Impacted devices include:
- 250 Series Smart Switches
- 350 Series Managed Switches
- 350X Series Stackable Managed Switches
- 550X Series Stackable Managed Switches
- Business 250 Series Smart Switches
- Business 350 Series Managed Switches
- ESW2 Series Advanced Switches
- Small Business 200 Series Smart Switches
- Small Business 300 Series Managed Switches
- Small Business 500 Series Stackable Managed Switches
Cisco Email Security Appliance Denial of Service Vulnerability (CVE-2021-34741)
This vulnerability, assigned a score of 7.5, is in the email scanning algorithm of Cisco AsyncOS software for the Cisco Email Security Appliance and could allow a remote attacker to perform a denial of service attack on an affected device.
According to Cisco, this is due to insufficient input validation of incoming emails. It can be exploited by sending a crafted email through Cisco ESA, which could allow an attacker to exhaust the available CPU resources on the affected device for an extended period of time, preventing other emails from being processed.
For more information on these vulnerabilities and lower-severity vulnerabilities and patches, visit Cisco’s security advisory page.