Critical IOS Flaws Expose Cisco Devices to Remote Attacks

Cisco has released updates for its IOS software to address more than a dozen critical and high severity vulnerabilities that expose the company’s switches and routers to remote attacks.

One of the critical flaws is CVE-2017-12229, a REST API issue that allows a remote attacker to bypass authentication and gain access to the web-based user interface of devices running vulnerable versions of the IOS software.

Another critical vulnerability related to the web-based user interface is CVE-2017-12230, which allows an authenticated attacker to escalate privileges. The problem is caused by the fact that new users created via the web interface are given elevated privileges by default. An attacker can create a new account and use it to gain access to the device with high privileges.

The last security hole rated critical, CVE-2017-12240, affects the DHCP relay subsystem in IOS and IOS XE software. A remote and unauthenticated attacker can execute arbitrary code and gain full control of the targeted system or cause it to enter a denial-of-service (DoS) condition by triggering a buffer overflow via specially crafted DHCPv4 packets.

Cisco has also patched a total of 11 high severity flaws affecting various components of the IOS and/or IOS XE software. This includes DoS vulnerabilities affecting Catalyst switches, Integrated Services routers, industrial ethernet switches, ASR 1000 series routers, and cBR-8 Converged Broadband routers.

The networking giant has also addressed two serious authentication bypass and certificate validation vulnerabilities. One flaw that has not been resolved is a privilege escalation issue affecting Cisco 5760 Wireless LAN controllers, Catalyst 4500E Supervisor Engine 8-E switches, and New Generation Wireless Controllers (NGWC) 3850.

A majority of these security holes were discovered during internal testing and there is no evidence that they have been exploited for malicious purposes, Cisco said.