Cisco employees discovered several vulnerabilities in CISCO Industrial Network Director product, including a high severity code execution flaw.
The Cisco Industrial Network Director is used to manage industrial networks, it helps operations teams gain full visibility into the automation network for improved system availability and increase overall equipment effectiveness
Three flaws were discovered during an internal security testing, the most serious one tracked as CVE-2019-1861 is a remote code execution vulnerability that received a CVSS score of 7.2.
“A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code.” reads the security advisory published by Cisco.
“The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.”
The flaw could be exploited by an authenticate attacker to the target system with admin privileges and upload any malicious file, then execute arbitrary code with elevated privileges.
The security hole has been patched with the release of version 1.6.0. Prior versions are impacted.
Another flaw discovered in the Industrial Network Director is a stored cross-site scripting (XSS) tracked as CVE-2019-1882. The flaw, rated as medium severity, can be exploited remotely by an authenticated attacker to carry out XSS attacks,
“A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored
“The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to conduct XSS attacks.”
The third flaw is a cross-site request forgery (CSRF) flaw that could be exploited by an
The flaw tracked as CVE-2019-1881 has been rated as medium severity.
“A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.” reads the advisory.
“The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device.”
(SecurityAffairs – CISCO, hacking)