There is a vulnerability in a Cisco firewall, VPN, and dial-up router. The supplier also recommends to its customers Docker / Kubernetes and Webex to be vigilant.
whitefishalerts companies that allow remote access to fix a critical vulnerability in three of its products: a firewall, a VPN, and a wireless router. The vulnerability, which is rated at 9.8 out of 10 by the Common Vulnerability Scoring System, could allow attackers to break into their network. An attacker could, for example, send malicious HTTP requests to a target device. "If successful, the attacker could execute arbitrary code on the underlying operating system of the affected device with elevated user privileges," said Cisco. The vulnerability is in the Web Management Interface of three remote access security and communication products: Cisco RV110W Wireless-N VPN Firewall,
The web management interface of these devices is accessible via a local LAN connection or via the remote management function. "The remote management feature of these devices is disabled by default," Cisco said in its security advisory. Administrators can check whether the remote management feature is enabled for a device by going to the "Basic Settings> Remote Management" section of the web management interface. If the "Enable" box is checked, remote management is enabled for the device. "The vulnerability is related to improper validation of user-provided data in the web management interface," Cisco said. The vendor has released software updates that correct this vulnerability.
More security alerts were issued by the vendor this week.
Docker and Kubernetes
Cisco continues to monitor a runtime security issue with the Docker and Kubernetes containers. "This vulnerability is a result of the software's mismanagement of file descriptors related to / proc / self / exe. "An attacker could exploit the vulnerability either by persuading a user to create a new container using an attacker-controlled image, or by using the exec docker command to insert into an existing container for which he or she has access. already have write access, "said Cisco. "If successful, the attacker could overwrite the host's runc binary file with a malicious file, exit the container, and execute arbitrary commands with root privileges on the host system," Cisco said. For the moment, Three Cisco products are affected by this vulnerability: Cisco Container Platform, Cloudlock, and Defense Orchestrator. But the vendor is reviewing other products, including its widely used IOS XE software package.
Webex
Cisco has delivered a third patch fix for its Webex system. Specifically, the vendor stated in a notice that a vulnerability in the Cisco Webex Meetings Desktop App update service and Cisco Webex Productivity Tools for Windows could allow an authenticated local attacker to execute arbitrary commands as privileged user. In October and November, the company had corrected the problem, but it seems that was not enough. "The vulnerability is due to insufficient validation of the parameters provided by the user". An attacker could exploit this vulnerability by invoking the update service command with a custom argument. "An exploit could allow the attacker to execute arbitrary commands with SYSTEM user privileges, "explained Cisco. This vulnerability affects all Cisco Webex Meetings Desktop App versions earlier than 33.6.6, and Cisco Webex Productivity Tools Releases 32.6.0 and later, before 33.0.7, when run on the Microsoft Windows system. an end user. Full details on the application of this patch are available here.