Multiple Cisco Security Vulnerabilities (ASA, CUCM, WLC, etc.)

Hello,



On April 20th, Cisco released multiple advisories detailing security vulnerabilities that affect a wide range of their products including ASA firewall, Unified Communications Manager (CUCM), WLC and more. The vulnerabilities, if exploited, would allow an attacker to launch a denial-of-service (DoS) attack on the device, possibly resulting in service disruption.

The vulnerabilities details and remedies are listed below.
It is advised that you check if any component of your network is affected, and if so, to patch it the soonest to prevent a potential breach.



libSRTP DoS Vulnerability (CVE-2015-6360):
The vulnerability is in the encryption processing subsystem of libSRTP (a Secure Real-Time Transport Protocol -SRTP- library). It could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device. Cisco released version 1.5.3 of libSRTP to address this issue which affects multiple products (including ASA, CUCM and IOS XE).

ProductBugIDFixed Release
Collaboration and Social Media
Cisco WebEx Meetings Server versions 1.xCSCux00729
Cisco WebEx Meetings Server versions 2.xCSCux007292.6.1 and 2.7 (June 2016)
Endpoint Clients and Client Software
Cisco JabberCSCux0071111.6
Network and Content Security Devices
Cisco Adaptive Security Appliance (ASA) Software1CSCux006868.4.7.31
9.1.7
9.2.4.6
9.3.3.8
Routing and Switching - Enterprise and Service Provider
Cisco IOS XE Software2CSCux043173.14.3S
3.13.5S
3.16.2S
3.10.7S
3.17.1S
3.15.3S
Voice and Unified Communications Devices
Cisco IP Phone 88x1 SeriesCSCux0070811.0(1)
Cisco DX Series IP PhonesCSCux0069710.2(5)
Cisco IP Phone 88x5 SeriesCSCux0074811.0(1)
Cisco Unified 7800 Series IP PhonesCSCux0074211.0(1)
Cisco Unified 8831 Series IP Conference PhoneCSCux01782
Cisco Unified 8961 IP PhoneCSCux007079.4(2)SR3 (August 2016)
Cisco Unified 9951 IP PhoneCSCux007079.4(2)SR3 (August 2016)
Cisco Unified 9971 IP PhoneCSCux007079.4(2)SR3 (August 2016)
Cisco Unified Communications Manager (UCM)CSCux0071610.5(2)SU3
Cisco Unified Communications Manager Session Management Edition (SME)CSCux0071610.5(2)SU3
Cisco Unified IP Phone 7900 SeriesCSCux007459.4(2)SR2
Cisco Unified IP Phone 8941 and 8945 (SIP)CSCux01786
Cisco Unified Wireless IP PhoneCSCux378021.4.8.4
Cisco Unity Connection (UC)CSCux3556810.5(2)SU3


ASA DHCPv6 Relay DoS Vulnerability (CVE-2016-1367):
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition.

ProductBugIDAffected VersionsConditionFixed Release
ASA 5500-X Series
CSCus23248
9.4.1
DHCPv6 relay feature is configured. Example:
asa#show running-config ipv6 dhcprelay
ipv6 dhcprelay enable outside
9.4(1.1)
9.4(2)
9.5(1)
9.5(2)
ASA Services Module for Catalyst 6500 and 7600 Routers
Cisco Adaptive Security Virtual Appliance (ASAv)


WLC Multiple DoS Vulnerabilities
  • CVE-2016-1363: WLC HTTP Parsing DoS Vulnerability
    The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition. 
  • CVE-2016-1364: WLC Bonjour Task Manager DoS Vulnerability
    A vulnerability in the Bonjour task manager of WLC could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software.
  • CVE-2016-1362: WLC Management Interface DoS Vulnerability
    The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface.
ProductVulnerabilityCVEBugIDMajor ReleaseFirst Fixed Release
for this Vulnerability
First Fixed Release for all 3 WLC Vulnerabilities
WLC
HTTP Parsing DoS
CVE-2016-1363
CSCus25617
pre-7.2not affected-
7.28.0.132.0
8.0.132.0
7.38.0.132.0
7.47.4.140.0(MD)
7.58.0.132.0
7.68.0.132.0
8.08.0.115.0(ED)
8.1 and laternot affected-
WLC Bonjour Task Manager DoS
CVE-2016-1364
CSCur66908
pre-7.4not affected
8.0.132.0
7.47.4.130.0(MD)
7.58.0.132.0
7.68.0.132.0
8.08.0.110.0
8.1 and laternot affected-
Management Interface DoS
CVE-2016-1362
CSCun86747
4.x
8.0.132.0
8.0.132.0
5.x
6.5
7.0
7.1
7.2
7.3
7.47.4.130(MD)
7.58.0.132.0
7.67.6.120.0
8.0 and laternot affected-

--
Elie Bassil

Sources:
Previous
Next Post »