According to digital forensics experts, Cisco has embarked on a new workday full of security patches to fix multiple critical vulnerabilities present in its Aironet wireless access points, widely used by small and medium companies.
The company also released additional security patches to fix various flaws in other of its products. The most severe of these vulnerabilities could allow an unauthenticated remote hacker to gain access to specific devices, granting high privileges, such as the ability to access sensitive data and modify settings of the targeted devices. This vulnerability exists in Cisco software running on Aironet access points, which allow a device to connect to a wired network.
In its security alert, the company mentioned:
“Although the attack would not provide access to all available
configuration options, the attacker could access sensitive system information,
in addition to modifying some settings, such as wireless networks.”
Tracked as CVE-2019-15260, the vulnerability is
rated 9.8/10 on the Common Vulnerability Scoring System (CVSS) scale, making it
a critical vulnerability. According to digital forensics experts, the flaw
exists due to weak access control on certain URLs of the affected devices.
A threat actor could exploit the failure by
requesting specific URLs from an affected access point. Affected Aironet
devices include the 1540, 1560, 1800, 2800, 3800, and 4800 series.
In addition to this failure, two additional
vulnerabilities were found in Aironet. One of these vulnerabilities exists due
to an error in processing functionality on access points, which processes only
point-to-point tunneling protocol VPN packets, an outdated method for deploying
VPN on any device. This flaw, identified as CVE-2019-15261, allows an
unauthenticated remote hacker to trigger the reload of an affected device,
generating a denial
of service (DoS) condition.
The second vulnerability, identified as
CVE-2019-15264, exists in the implementation of Aironet and Catalyst 9100’s
“Wireless Access Point Control and Provisioning” protocol. This
protocol allows any central wireless LAN access controller to manage a
collection of wireless access points. Exploiting this vulnerability would allow
an unauthenticated hacker to inadvertently reboot the device, generating a DoS
condition.
Digital forensics experts mention that Cisco
released update patches to fix a total of 41 vulnerabilities, including the
above mentioned critical flaw, 17 severe vulnerabilities, and 23 minor severity
failures.
One of the products that introduced the most
security flaws is the SPA100 series analog phone adapter, used for access to
Internet telephony services in hundreds of small businesses. Exploiting most of
these flaws would allow an authenticated hacker to execute arbitrary code.
From time to time, Cisco releases update
patches for several products. As reported by digital forensics experts from the
International Institute of Cyber Security (IICS) in September, the company
released 29 patches to fix security flaws across multiple products, such as
routers, industrial switches, and others devices running IOS XE software.
