SB2016092103 - Multiple vulnerabilities in Cisco IOS




Published: September 21, 2016

Security Bulletin ID: SB2016092103
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) OS Command Injection (CVE-ID: CVE-2016-6414)

The vulnerability allows a local authenticated user to gain elevated privileges and perform command injection on the target system.
The weakness is caused by improper input validation. By supplying specially crafted iox command line parameters, an attacker can trigger the input validation flaw and execute arbitrary commands on the IOx Linux guest operating system (GOS).
Successful exploitation of the vulnerability may lead to privilege escalation and command injection on the vulnerable system.

2) Denial of service (CVE-ID: CVE-2016-6409)

The vulnerability allows a remote user to cause denial of service on the target system.
The weakness is caused by improper bounds validation. By sending specially crafted data, attackers can cause a boundary error in the Cisco Data in Motion (DMo) component, which leads to denial of service conditions on the target DMo process.
Successful exploitation of the vulnerability results in denial of service on the vulnerable service.

3) Information disclosure (CVE-ID: CVE-2016-6410)

The vulnerability allows a remote authenticated user to obtain potentially sensitive information.
The weakness is caused by improper input validation. To exploit the vulnerability, attackers can send specially crafted data that triggers the input validation flaw and allows them to view arbitrary files.
Successful exploitation of the vulnerability may result in information disclosure.

4) Information modification (CVE-ID: CVE-2016-6412)

The vulnerability allows a remote user to modify a user's information on the target system.
The weakness exists due to an input validation flaw in the Cisco Application-hosting Framework (CAF) component. By inserting specially crafted HTTP headers into the communications path between the user and the target IOS system, attackers can download an arbitrary file.
Successful exploitation of the vulnerability may result in modification of the target user's data.

Remediation

Install the update from the vendor's website.