Cisco Patches High-Severity Bug in VoIP Phones
A range of business customers could be impacted by a high-severity security flaw discovered in Cisco VoIP phones. The vendor issued a patch on Wednesday.
Cisco also patched two medium-severity flaws today in its FireSIGHT management platform for network security, and one medium-severity issue in the Web Security Appliance. Finally, it issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS.
The most critical of the flaws, CVE-2018-0341, would allow command injection and remote code execution on IP phones, including higher-end models that have HD video call functionality. The advisory said that thanks to insufficient input validation, an authenticated user could send specially crafted shell commands to a specific user input field using the web-based user interface that links to the handsets. That could result in the ability to inject and execute arbitrary shell commands, opening the door for attackers to eavesdrop on conversations, intercept rich media data, place phone calls and more.
The vulnerability, found internally by the vendor, affects IP Phone 6800, 7800 and 8800 series devices that run a Multiplatform Firmware release prior to Release 11.2(1). No exploits have yet been seen in the wild, Cisco said – and the requirement for an attacker to be logged into the user interface in order to launch an attack somewhat mitigates the severity of the issue.
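An inventory check a defender might run against the affected-version statement above, added here as an example and not taken from the article or from Cisco's advisory. The record fields (`name`, `model`, `release`, `multiplatform`) and every sample device are constructed, and release strings are assumed to use the `major.minor(maint)` notation the article uses.

```python
import re

FIXED_RELEASE = (11, 2, 1)            # first fixed release per the article: 11.2(1)
AFFECTED_SERIES = ("68", "78", "88")  # IP Phone 6800, 7800 and 8800 series

# Assumption: releases are recorded as "major.minor(maint)", optionally with a suffix.
RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)\)")
MODEL_RE = re.compile(r"(?<!\d)(\d{4})(?!\d)")

def parse_release(text):
    """Return (major, minor, maint) as ints, or None if the string is unparseable."""
    m = RELEASE_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(record):
    """Classify one inventory record against the affected-version statement."""
    m = MODEL_RE.search(record.get("model", ""))
    if not m or m.group(1)[:2] not in AFFECTED_SERIES:
        return "out-of-scope"          # not a 6800/7800/8800 series phone
    if not record.get("multiplatform", False):
        return "out-of-scope"          # the article names Multiplatform Firmware only
    release = parse_release(record.get("release"))
    if release is None:
        return "unknown"               # cannot prove it is fixed: check by hand
    # Tuple comparison is numeric, so 11.10(1) sorts after 11.2(1).
    return "vulnerable" if release < FIXED_RELEASE else "patched"

def audit(inventory):
    """Map each device name to its triage status."""
    return {rec["name"]: triage(rec) for rec in inventory}

# Constructed sample inventory (hypothetical devices and release strings).
SAMPLE_INVENTORY = [
    {"name": "ph-01", "model": "CP-8845", "release": "11.1(2)", "multiplatform": True},
    {"name": "ph-02", "model": "CP-7821", "release": "11.2(1)", "multiplatform": True},
    {"name": "ph-03", "model": "CP-6851", "release": "11.10(1)SR1", "multiplatform": True},
    {"name": "ph-04", "model": "CP-8861", "release": "", "multiplatform": True},
    {"name": "ph-05", "model": "CP-3905", "release": "9.4(1)", "multiplatform": True},
    {"name": "ph-06", "model": "CP-8845", "release": "11.0(1)", "multiplatform": False},
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as `unknown` should be treated as unpatched until their firmware release is confirmed.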
Cisco also sent out fixes for two medium-severity flaws in the Cisco FireSIGHT System Software, which provides centralized management for network security and operational functions for Cisco ASA with FirePOWER services and Cisco FirePOWER network security appliances. It automatically aggregates and correlates cyber-threat information for business users.
The first issue is a file policy bypass vulnerability (CVE-2018-0383), found in the detection engine of FireSIGHT. An unauthenticated, remote attacker could send a maliciously crafted FTP connection to transfer a file to an affected device; that file could carry malware built to disable the detection mechanisms in the system or carry out other nefarious actions.
“A successful exploit could allow the attacker to bypass a file policy that is configured to apply the ‘block upload’ with reset action to FTP traffic,” the vendor said.
The second vulnerability (CVE-2018-0384), in the same detection engine, could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system.
“The vulnerability exists because the affected software incorrectly handles TCP packets that are received out of order when a TCP SYN retransmission is issued,” the vendor explained. “An attacker could exploit this vulnerability by sending a maliciously crafted connection through an affected device. A successful exploit could allow the attacker to bypass a URL-based access control policy that is configured to block traffic for the affected system.”
Another medium-severity flaw (CVE-2018-0366) is a cross-site scripting vulnerability in the web-based management interface of the Cisco Web Security Appliance.
Using social engineering, a malicious actor could convince an interface user to click a specially crafted link that would then give threat actors the ability to execute arbitrary script code in the context of the interface, or allow the attacker to access sensitive browser-based information.
Meanwhile, Cisco has also patched a high-severity StarOS IPv4 fragmentation denial-of-service vulnerability (CVE-2018-0369). StarOS powers next-generation mobile networks, which support everything from tablets and smartphones to connected cars, smart-city and other IoT deployments. The platform provides virtualization and intelligence for mobile network architectures, and allows dynamic resource allocation for mobile services and networks to help wireless carriers manage their bandwidth to deliver higher levels of service to consumers and businesses.
Source | threatpost