Cisco Fixes High Severity Flaws in Industrial, Enterprise Tools

Cisco patched two high severity improper input validation vulnerabilities found in the update feature of the Cisco Industrial Network Director (IND) software and the authentication service of Cisco Unified Presence (Cisco Unified CM IM&P Service, Cisco VCS, and Cisco Expressway Series).

Cisco IND is a solution designed to provide full visibility and control of industrial automation networks as detailed on its spec sheet, while Cisco Unified Presence is an enterprise platform for exchanging presence and instant messaging info in and across organizations.

Cisco IND remote code execution vulnerability

The remote code execution (RCE) flaw impacting Cisco IND is tracked as CVE-2019-1861 and could allow authenticated remote attackers to execute arbitrary code on machines running the vulnerable software.

“The vulnerability is due to improper validation of files uploaded to the affected application,” according to Cisco’s security advisory.

“An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.”

While there are no workarounds for this RCE vulnerability rated with a 7.2 CVSS 3.0 base score by Cisco, the company issued software updates which address this vulnerability starting with Cisco IND 1.6.0.

Cisco Unified Presence denial of service vulnerability

Cisco Unified Presence’s authentication service is affected by a security flaw rated 8.6 under CVSS 3.0 and tracked as CVE-2019-1845, which could enable unauthenticated remote attackers to create a service outage for users trying to authenticate on vulnerable servers, triggering a denial of service (DoS) condition.

As detailed in Cisco’s security advisory, “The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system.”

“A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack.”

Cisco says that the following software products are impacted by this DoS flaw if running a vulnerable version:

  • Expressway Series configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
  • TelePresence VCS configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
  • Unified Communications Manager IM&P Service (multiple releases)

Cisco patched the DoS vulnerability in releases X12.5.3 and later for Cisco Expressway Series and Cisco TelePresence VCS, while Cisco Unified Communications Manager IM&P users should update to one of the versions listed in the table below:

Cisco Unified CM IM&P Service Major Release    First Fixed Release
10.5(2)                                        11.5(1) SU6 or 12.5(1)
11.5(1)                                        11.5(1) SU6
12.0(1)                                        12.5(1)
12.5(1)                                        Not vulnerable

According to Cisco’s Product Security Incident Response Team (PSIRT), no malicious or active exploitation for the vulnerabilities described above has been detected.

Article Provided By: bleepingcomputer
