Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director.
The critical vulnerability patched in IP Phones impacts the web server and could allow a remote, unauthenticated attacker to execute code with root privileges. The bug has a CVSS score of 9.8.
Tracked as CVE-2020-3161, the issue exists because input in HTTP requests is not properly validated. Thus, an attacker could exploit the flaw by sending a crafted HTTP request to the web server of a vulnerable device.
“In libHTTPService.so, the parameters after /deviceconfig/setActivationCode are used to create a new URI via a sprintf function call. The length of the parameter string is not checked. When an attacker provides a long parameter string then sprintf overflows the provided stack-based buffer,” Tenable, which reported the bug to Cisco, explains.
IP Phone 7811, 7821, 7841, and 7861 Desktop Phones; IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones; Unified IP Conference Phone 8831; and Wireless IP Phone 8821 and 8821-EX were found to be affected.
Software updates that Cisco released this week address the vulnerability. The company says that, while it is aware of the flaw being publicly disclosed (Tenable has published a DoS proof-of-concept), it is not aware of the bug being targeted in attacks.
A total of three critical vulnerabilities were addressed in Cisco UCS Director and UCS Director Express for Big Data, all three discovered in the REST API. The bugs may allow a remote, unauthenticated attacker to bypass authentication or conduct directory traversal attacks.
The flaws are tracked as CVE-2020-3239, CVE-2020-3240, and CVE-2020-3243, and exist due to insufficient access control validation and ..
Support the originator by clicking the read the rest link below.
