Cisco has released security patches for a number of high-severity vulnerabilities in the CISCO Management and other security products.
One of the flaws, a critical vulnerability in the Cisco Prime Collaboration Provisioning (CVE-2016-1416), could be exploited by a remote attacker to bypass authentication and gain full administrator privileges on the affected system.
The vulnerability plagued the Cisco Prime Collaboration Provisioning version 10.6 if the SP2 is installed.
“A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.” states the security advisory published by Cisco. “The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full administrator privileges.”
Cisco has released software updates, available in the Cisco Software Center, to fix the flaw.
Cisco also fixed another critical vulnerability (CVE-2016-1289) that affected the API of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). A remote attacker can exploit the flaw to abuse the API and upload malicious code to the application server or access management data, such as login credentials.
The flaw is due to the improper input validation of HTTP requests for unauthenticated URIs.
The attacker could exploit it by sending a specially crafted HTTP request to the affected URIs.
“The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM.” reads the CISCO advisory that confirms also that the security issue impacts Prime Infrastructure versions 1.2 through 3.0, and EPNM version 1.2.
The IT giant also announced that the Firepower software running on some FirePOWER, Adaptive Security Appliance (ASA), Advanced Malware Protection (AMP), and Virtual Next-Generation Intrusion Prevention System products is plagued by a high severity flaw (CVE-2016-1394).
The software includes a user account with a default and static password that could be exploited by a remote attacker to log in to the device.
Cisco was also informed by Daniel Jensen from Security-Assessment.com of a medium severity remote code execution vulnerability in Prime Infrastructure and EPNM. The experts of the company are working to fix it, fortunately, it could be exploited only by an authenticated attacker.
(Security Affairs – Security updates, network security)