Cisco has released updates for its IOS software to fix more than a dozen critical and high severity vulnerabilities that could be exploited by attackers to remotely take over company’s switches and routers.

Giving a close look at the flaws addressed by CISCO, we find the CVE-2017-12229 vulnerability that affects the REST API and that could be exploited by a remote attacker to bypass authentication and gain access to the web-based user interface of network devices running vulnerable versions of the IOS software.

“A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software.” reads the CISCO security advisory.

“The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software.”

CISCO also fixed the vulnerability CVE-2017-12230, it is a critical flaw that affects the web-based user interface that could be exploited by an authenticated attacker to escalate privileges. The problem is related to the creation of new users via the web interface that are given elevated privileges by default.

“A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device.” reads the CISCO security advisory.

“The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device.”

The last security critical flaw is CVE-2017-12240 and affects the DHCP relay subsystem in IOS and IOS XE software. The vulnerability could be exploited by a remote and unauthenticated attacker that can execute arbitrary code and gain full control of the targeted system. The flaw could be also exploited to cause a denial-of-service (DoS) condition by triggering a buffer overflow via specially crafted DHCPv4 packets.

“The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition.” states the CISCO advisory.

Cisco also addressed a total of 11 high severity vulnerability affecting various components of the IOS and/or IOS XE software.

The list of flaws includes DoS vulnerabilities affecting Catalyst switches, Integrated Services routers, industrial Ethernet switches, ASR 1000 series routers, and cBR-8 Converged Broadband routers.

The networking giant has also addressed two serious authentication bypass and certificate validation vulnerabilities.

Pierluigi Paganini

(Security Affairs – CISCO IOS, hacking)