Cisco Industrial switches affected by an unpatched flaw

Pierluigi Paganini February 16, 2016

Cisco disclosed a DoS vulnerability affecting the IOS software running on the industrial switches belonging to the Industrial Ethernet 2000 Series.

Last week I wrote about a vulnerability affecting CISCO Universal Small Cell kits that allows unauthenticated remote users to retrieve devices’ firmware, now another vulnerability is worrying the customers of the IT Giants. The flaw coded as CVE-2016-1330 affects Cisco Industrial Ethernet 2000 Series Switches running IOS Software 15.2(4)E.

The flaw affects the way the devices processes Cisco Discovery Protocol (CDP) packets, an unauthenticated attacker with access to the network can send specially crafted CDP packets to the Cisco Industrial Switches to cause vulnerable devices to reload.

“A vulnerability in the processing of Cisco Discovery Protocol (CDP) packets by Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload.” states the Cisco Security Advisory. “The vulnerability is due to improper processing of crafted CDP packets. An attacker could exploit this vulnerability by sending a crafted CDP packet to an affected device. An exploit could allow the attacker to cause the affected device to reload.”

Cisco has yet to release a patch to solve the issue and there are no workarounds, fortunately, the vulnerability hasn’t been exploited in the wild.

industrial switches Industrial Ethernet 2000 Series

Cisco disclosed also a second vulnerability, coded as CVE-2016-1331, in Cisco Emergency Responder, a family of devices designed to allow emergency teams to identify the location of 911 callers. The vulnerability is a cross-site scripting (XSS) rated as medium-severity that allows unauthenticated attacker to execute arbitrary code in the context of the vulnerable web interface and access potentially sensitive browser information.

“A vulnerability in the web framework code of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.” states the Cisco Advisory.”

“The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information.” 

In a possible attack scenario, the attacker can trigger the vulnerability by tricking the victim into clicking on a malicious link or by injecting malicious code into an intercepted connection.

Also in this case, there is no patch available neither a workaround.

Stay tuned…

Pierluigi Paganini

(Security Affairs – Cisco Industrial Switches, hacking)



you might also like

leave a comment