Cisco today warned user of a critical vulnerability in its CVR100W Wireless-N VPN router execute that could let an attacker issues arbitrary code or cause a denial of service situation.
The company also issues three “High” level impact warnings advisories on its IOS XR Software, Teleprescence and Aironet wireless access point products.
On the Critical warning, Cisco said a vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could let an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service (DoS).
+More on Network World: Cisco fires back at VMware decision to whack third party virtual switches+
“The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 220.127.116.11,” Cisco wrote.
The high impact advisories include:
- A vulnerability in the Event Management Service daemon of Cisco IOS XR routers, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover.
- A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1.
- A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first-time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco wrote that it has confirmed that the only vulnerable software version for this advisory is 18.104.22.168 on the following products running either the Lightweight AP Software or Mobility Express images: Cisco Aironet 1800 Series Access Points; Aironet 2800 Series Access Points; Aironet 3800 Series Access Points.
Cisco said it has released software updates that address all the vulnerabilities.
+More on Network World: Cisco grabs-up SD-WAN player Viptela for $610M+
The company also released 6 medium impact security advisories around its FirePower series, Wide Area Application Services SMART-SSL Accelerator; Cisco Finesse for Cisco Unified Contact Center; CVR100W Wireless-N VPN Router; Cisco Unity Connection ImageID; and continued warnings of multiple vulnerabilities in OpenSSL.