Cisco Systems has released fixes for three severe security flaws in its IOS XE network operating system. Remote attackers could have easily leveraged these flaws to run arbitrary code with administrator rights on affected devices or to force a denial-of-service (DoS) condition.
The three flaws are:
- CVE-2021-34770 (CVSS score: 10.0)
- CVE-2021-34727 (CVSS score: 9.8)
- CVE-2021-1619 (CVSS score: 9.8)
Of the three, CVE-2021-34770 is the most severe. Cisco describes it as a “logic mistake” that occurs during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets.
The company warned that an attacker could exploit this flaw by sending a specially crafted CAPWAP packet to a vulnerable device. A successful exploit could let the attacker run arbitrary code with administrator rights or force the vulnerable device to crash and reload, resulting in a DoS condition.
CVE-2021-34727, in contrast, stems from an inadequate bounds check when the device processes incoming network traffic. As a result, an attacker could send specially crafted traffic to the device, leading to arbitrary code execution with root privileges or a device restart. The flaw affects the SD-WAN capability on 1000 Series Integrated Services Routers (ISRs), 4000 Series ISRs, ASR 1000 Series Aggregation Services Routers, and Cloud Services Router 1000V Series.
The third, CVE-2021-1619, is an “uninitialized variable” in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software. It might allow an authenticated remote attacker to “install, modify, or remove the configuration of a network device or corrupt memory on the device, ending in a DoS.”
Cisco has also fixed 15 high-severity and 15 medium-severity vulnerabilities affecting several IOS XE software components, the Cisco Access Points platform, and Cisco SD-WAN vManage Software.
Users and administrators are advised to install the appropriate updates to reduce the possibility of bad actors exploiting these vulnerabilities.