
Vulnerabilities in Cisco Cloud Services Platform Could Allow for Arbitrary Command Execution

MS-ISAC ADVISORY NUMBER:

2016-145

DATE(S) ISSUED:

09/21/2016

OVERVIEW:

Multiple vulnerabilities have been discovered in Cisco Cloud Services Platform that can result in arbitrary command execution and remote command injection. Cisco Cloud Services Platform 2100 is a turn-key, open x86 Linux Kernel-based Virtual Machine software and hardware platform for data center network functions virtualization. Attackers can exploit these issues to execute arbitrary commands on the host operating system with the privileges of root. Successful exploitation could allow an unauthenticated user to take control of the affected system and perform unauthorized actions.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Cisco Cloud Services Platform 2100 version 2.0 and prior

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: LOW
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: LOW
Home Users:
N/A

TECHNICAL SUMMARY:

Cisco Cloud Services Platform 2100 is prone to two vulnerabilities that could allow for arbitrary code execution. These vulnerabilities are as follows:
  • A vulnerability due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user.
  • A vulnerability due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands. An exploit could allow the attacker to execute arbitrary commands on the host operating system with the privileges of root.
Successful exploitation could allow remote attackers to perform unauthorized actions.
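
The input handling that closes this class of flaw in a DNS-lookup feature, shown as an added example (not Cisco's code and not part of the original advisory): the value is checked against DNS hostname syntax and then resolved through the resolver API, so it never reaches a shell. The function names and sample inputs are assumptions constructed for illustration.

```python
import re
import socket

# One DNS label: letters, digits and hyphens, 1-63 characters,
# with no leading or trailing hyphen (RFC 1123 hostname syntax).
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(value):
    """Return True only if value is a syntactically valid DNS hostname."""
    if not isinstance(value, str) or not 1 <= len(value) <= 253:
        return False
    # A single trailing dot (fully qualified form) is allowed.
    name = value[:-1] if value.endswith(".") else value
    # fullmatch rejects spaces, newlines, quotes and shell metacharacters,
    # because none of them belong to the label character set.
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def dns_lookup(hostname):
    """Resolve a validated hostname without a shell or child process."""
    if not is_valid_hostname(hostname):
        raise ValueError("hostname rejected by validation")
    # The resolver API takes the name as data; there is no command line
    # for the value to be interpreted in.
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


# Constructed sample inputs (hypothetical request values, not from the advisory).
SAMPLES = [
    "example.com",
    "example.com.",
    "example.com; id",
    "-v.example.com",
    "example.com\n",
]


def classify(samples):
    """Map each sample to True (accepted) or False (rejected)."""
    return {sample: is_valid_hostname(sample) for sample in samples}


if __name__ == "__main__":
    for sample, accepted in classify(SAMPLES).items():
        print(repr(sample), "accepted" if accepted else "rejected")
```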

RECOMMENDATIONS:

We recommend the following actions be taken:

• Install updates once released by Cisco after appropriate testing.
• Verify that no unauthorized system modifications have occurred on the system before applying the patch.
• Monitor intrusion detection systems for any signs of anomalous activity.
• Unless required, limit external network access to affected products.


CIS Controls That Help Avoid This Issue:
  • CIS Control 4: Continuous Vulnerability Assessment and Remediation
  • CIS Control 11: Secure Configurations for Network Devices

CIS Benchmark and Other Tools for Related Technology:
  • Cisco
