Multiple Cisco Security Vulnerabilities (ASA, CUCM, WLC, etc.)

Data Consult > alert > Multiple Cisco Security Vulnerabilities (ASA, CUCM, WLC, etc.)
Multiple Cisco Security Vulnerabilities (ASA, CUCM, WLC, etc.)

Hello,


On April 20th, Cisco released multiple advisories detailing security vulnerabilities that affect a wide range of their products including ASA firewall, Unified Communications Manager (CUCM), WLC and more. The vulnerabilities, if exploited, would allow an attacker to launch a denial-of-service (DoS) attack on the device, possibly resulting in service disruption.

The vulnerabilities details and remedies are listed below.
It is advised that you check if any component of your network is affected, and if so, to patch it the soonest to prevent a potential breach.

libSRTP DoS Vulnerability (CVE-2015-6360):
The vulnerability is in the encryption processing subsystem of libSRTP (a Secure Real-Time Transport Protocol -SRTP- library). It could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device. Cisco released version 1.5.3 of libSRTP to address this issue which affects multiple products (including ASA, CUCM and IOS XE).

Product BugID Fixed Release
Collaboration and Social Media
Cisco WebEx Meetings Server versions 1.x CSCux00729
Cisco WebEx Meetings Server versions 2.x CSCux00729 2.6.1 and 2.7 (June 2016)
Endpoint Clients and Client Software
Cisco Jabber CSCux00711 11.6
Network and Content Security Devices
Cisco Adaptive Security Appliance (ASA) Software1 CSCux00686 8.4.7.31
9.1.7
9.2.4.6
9.3.3.8
Routing and Switching – Enterprise and Service Provider
Cisco IOS XE Software2 CSCux04317 3.14.3S
3.13.5S
3.16.2S
3.10.7S
3.17.1S
3.15.3S
Voice and Unified Communications Devices
Cisco IP Phone 88×1 Series CSCux00708 11.0(1)
Cisco DX Series IP Phones CSCux00697 10.2(5)
Cisco IP Phone 88×5 Series CSCux00748 11.0(1)
Cisco Unified 7800 Series IP Phones CSCux00742 11.0(1)
Cisco Unified 8831 Series IP Conference Phone CSCux01782
Cisco Unified 8961 IP Phone CSCux00707 9.4(2)SR3 (August 2016)
Cisco Unified 9951 IP Phone CSCux00707 9.4(2)SR3 (August 2016)
Cisco Unified 9971 IP Phone CSCux00707 9.4(2)SR3 (August 2016)
Cisco Unified Communications Manager (UCM) CSCux00716 10.5(2)SU3
Cisco Unified Communications Manager Session Management Edition (SME) CSCux00716 10.5(2)SU3
Cisco Unified IP Phone 7900 Series CSCux00745 9.4(2)SR2
Cisco Unified IP Phone 8941 and 8945 (SIP) CSCux01786
Cisco Unified Wireless IP Phone CSCux37802 1.4.8.4
Cisco Unity Connection (UC) CSCux35568 10.5(2)SU3
ASA DHCPv6 Relay DoS Vulnerability (CVE-2016-1367):
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition.
Product BugID Affected Versions Condition Fixed Release
ASA 5500-X Series
CSCus23248
9.4.1
DHCPv6 relay feature is configured. Example:
asa#show running-config ipv6 dhcprelay
ipv6 dhcprelay enable outside
9.4(1.1)
9.4(2)
9.5(1)
9.5(2)
ASA Services Module for Catalyst 6500 and 7600 Routers
Cisco Adaptive Security Virtual Appliance (ASAv)
WLC Multiple DoS Vulnerabilities
  • CVE-2016-1363: WLC HTTP Parsing DoS Vulnerability
    The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition. 
  • CVE-2016-1364: WLC Bonjour Task Manager DoS Vulnerability
    A vulnerability in the Bonjour task manager of WLC could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software.
  • CVE-2016-1362: WLC Management Interface DoS Vulnerability
    The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface.
Product Vulnerability CVE BugID Major Release First Fixed Release
for this Vulnerability
First Fixed Release for all 3 WLC Vulnerabilities
WLC
HTTP Parsing DoS
CVE-2016-1363
CSCus25617
pre-7.2 not affected
7.2 8.0.132.0
8.0.132.0
7.3 8.0.132.0
7.4 7.4.140.0(MD)
7.5 8.0.132.0
7.6 8.0.132.0
8.0 8.0.115.0(ED)
8.1 and later not affected
WLC Bonjour Task Manager DoS
CVE-2016-1364
CSCur66908
pre-7.4 not affected
8.0.132.0
7.4 7.4.130.0(MD)
7.5 8.0.132.0
7.6 8.0.132.0
8.0 8.0.110.0
8.1 and later not affected
Management Interface DoS
CVE-2016-1362
CSCun86747
4.x
8.0.132.0
8.0.132.0
5.x
6.5
7.0
7.1
7.2
7.3
7.4 7.4.130(MD)
7.5 8.0.132.0
7.6 7.6.120.0
8.0 and later not affected
Elie Bassil
Sources:

Related Posts