CIS Logo
tagline: Confidence in the Connected World
HomeResourcesAdvisoriesMultiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution

Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2018-063

DATE(S) ISSUED:

06/07/2018

OVERVIEW:

Multiple vulnerabilities have been discovered in Cisco products including AnyConnect Secure Mobility Client, Cisco AnyConnect Network Access Manager, Cisco FireSIGHT System Software, Cisco Unity Connection, Cisco Identity Services Engine, Cisco Unified Communications Manager Software, Cisco Unified Computing System Software, Cisco UCS Director Software, Cisco Integrated Management Controller Supervisor Software, Cisco Wide Area Application Services, Cisco WebEx, Cisco Unified IP Phone Software, Cisco Adaptive Security Appliance Software, Cisco Firepower Threat Defense Software, Cisco IOS XE Software, Cisco Prime Collaboration Provisioning, Cisco Meeting Server, Cisco IP Phone 6800, 7800, and 8800 Series Phones, many Cisco Voice Operating System, and Cisco Network Services Orchestrator.

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Cisco Prime Collaboration Provisioning
  • Cisco devices running IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 when configured to use AAA for login authentication
  • Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software
  • Cisco Network Services Orchestrator versions 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, and 4.4 through 4.4.2.0
  • Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2)
  • Cisco Prime Collaboration Assurance
  • Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager, Unified Communications Manager IM and Presence Service, Unified Communication Manager Session Management Edition, Unified Contact Center Express, Unified Intelligence Center, Unity Connection, and Virtualized Voice Browser
  • Cisco Meeting Server 2000 Platforms running a CMS Software release prior to Release 2.2.13 or Release 2.3.4.
  • Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance, ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance, Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, and FTD Virtual
  • Cisco Unified IP Phone software
  • Cisco WebEx
  • Cisco Wide Area Application Services with default configuration
  • Cisco UCS Director Software
  • Cisco Integrated Management Controller Supervisor Software
  • Cisco Unified Computing System Software
  • Cisco Unified Communications Manager Software
  • Cisco Identity Services Engine
  • Cisco Unity Connection
  • Cisco FireSIGHT System Software
  • Cisco AnyConnect Network Access Manager
  • Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows and Linux

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users:
LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Cisco AnyConnect Secure Mobility Client, Cisco AnyConnect Network Access Manager, Cisco FireSIGHT System Software, Cisco Unity Connection, Cisco Identity Services Engine, Cisco Unified Communications Manager Software, Cisco Unified Computing System Software, Cisco UCS Director Software, Cisco Integrated Management Controller Supervisor Software, Cisco Wide Area Application Services, Cisco WebEx, Cisco Unified IP Phone Software, Cisco Adaptive Security Appliance Software, Cisco Firepower Threat Defense Software, Cisco IOS XE Software, Cisco Prime Collaboration Provisioning, Cisco Meeting Server, Cisco IP Phone 6800, 7800, and 8800 Series Phones, Cisco Voice Operating System, and Cisco Network Services Orchestrator. The most severe of these vulnerabilities could allow for remote code execution. Details of these vulnerabilities are as follows:

  • A remote method invocation vulnerability exists in Cisco Prime Collaboration Provisioning due to an open port in the Network Interface and Configuration Engine (CVE-2018-0321).
  • A remote code execution vulnerability exists in the parsing of login authentication due to incorrect memory operations when a device running Cisco IOS XE Software is configured to use AAA for login authentication (CVE-2018-0315).
  • A security bypass vulnerability exists in traffic-monitoring functions in Cisco Web Security Appliance due to a change in the underlying operating system software (CVE-2018-0353).
  • An SQL injection vulnerability exists in the web framework code of Cisco Prime Collaboration Provisioning due to a lack of proper validation on user-supplied input in SQL queries (CVE-2018-0320).
  • An unauthorized password reset vulnerability exists in the password reset function of Cisco Prime Collaboration Provisioning due to insufficient validation of a password reset request (CVE-2018-0318).
  • An unauthorized password recovery vulnerability exists in the password recovery function of Cisco Prime Collaboration Provisioning due to insufficient validation of a password recovery request (CVE-2018-0319).
  • An access control bypass vulnerability exists in the web interface of Cisco Prime Collaboration Provisioning due to insufficient web portal access control checks (CVE-2018-0317).
  • An access control vulnerability exists in the web management interface of Cisco Prime Collaboration Provisioning due to a failure to enforce access restrictions on the Help Desk and User Provisioning roles that are assigned to authenticated users (CVE-2018-0322).
  • An arbitrary command execution vulnerability exists in the CLI parser of Cisco Network Services Orchestrator due to insufficient input validation (CVE-2018-0274).
  • A denial of service vulnerability exists in the Session Initiation Protocol call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phone with Multiplatform Firmware due to the firmware of an affected phone incorrectly handling errors that could occur when an incoming phone call is not answered (CVE-2018-0316).
  • A denial of service vulnerability exists in multiple Cisco products due to a certain system log file not having a maximum size restriction (CVE-2017-6779).
  • An information disclosure vulnerability exists in Cisco Meeting Server due to incorrect default configuration of the device (CVE-2018-0263).
  • A denial of service vulnerability exists in the web interface of the Cisco Adaptive Security Appliance due to the lack of proper input validation of the HTTP URL (CVE-2018-0296).
  • A denial of service vulnerability exists in the Session Initiation Protocol ingress packet processing of Cisco Unified IP Phone software due to a lack of flow-control mechanisms in the software (CVE-2018-0332).
  • A cross-site scripting vulnerability exists in the web framework of Cisco WebEx due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP Get and HTTP Post methods (CVE-2018-0356, CVE-2018-0357).
  • A static SNMP credentials vulnerability exists in the default configuration of the Simple Network Management Protocol feature of Cisco Wide Area Application Services Software due to a hard-coded, read-only community string in the configuration file for the SNMP daemon (CVE-2018-0329).
  • A privilege escalation vulnerability exists in the Disk Check Tool for Cisco Wide Area Application Services due to insufficient validation of script files executed in the context of the Disk Check Tool (CVE-2018-0352).
  • A cross-site scripting vulnerability exists in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software due to insufficient validation of user-supplied input by the web-based management interface of the affected software (CVE-2018-0149).
  • A role-based access vulnerability exists in the role-based access-checking mechanisms of Cisco Unified Computing System Software due to the affected software lacking proper input and validation checks for certain file systems (CVE-2018-0338).
  • A cross-site scripting vulnerability exists in the web framework of the Cisco Unified Communications Manager Software due to insufficient validation of certain parameters passed to the web server (CVE-2018-0340).
  • A privilege escalation vulnerability exists in the batch provisioning feature of Cisco Prime Collaboration Provisioning due to insufficient authorization enforcement on batch processing (CVE-2018-0336).
  • A cross-site scripting vulnerability exists in the web-based management interface of Cisco Identity Services Engine due to insufficient input validation of some parameters passed to the web-based management interface (CVE-2018-0339).
  • A cross-frame scripting vulnerability exists in the web UI of Cisco Unified Communications Manager due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software (CVE-2018-0355).
  • A cross-site scripting vulnerability exists in the web framework of Cisco Unity Connection due to insufficient input validation of certain parameters that are passed to affected software via the HTTP Get and HTTP Post methods (CVE-2018-0354).
  • A cleartext passwords written to world-readable file vulnerability exists the web portal authentication process of Cisco Prime Collaboration Provisioning due to improper logging of authentication data (CVE-2018-0335).
  • A VPN policy bypass vulnerability exists in the VPN configuration management of Cisco FireSIGHT System Software due to incorrect management of the configured interface names and VPN parameters when dynamic CLI configuration changes are performed (CVE-2018-0333).
  • A client certificate bypass vulnerability exists in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows and Linux due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation (CVE-2018-0334).

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply patches provided by Cisco immediately after appropriate testing.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.

REFERENCES:

Cisco:
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss1 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cuc-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-FireSIGHT-vpn-bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-AnyConnect-cert-bypass
CVE:
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss1 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cuc-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-FireSIGHT-vpn-bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-AnyConnect-cert-bypass
June 26 – UPDATED REFERENCES - Help Net Security:
https://www.helpnetsecurity.com/2018/06/26/cisco-asa-firepower-flaw/

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Protect Your Systems from Cyber Threats Like This

CIS Controls That Help Avoid This Issue Arrow CIS Control 3: Continuous Vulnerability Assessment and Remediation Arrow CIS Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches CIS Benchmark and Other Tools for Related Technology Arrow Cisco