Cisco today released thirty security patch advisory to address a total of 32 security vulnerabilities in its products, three of which are rated critical, including the recently disclosed Apache Struts remote code execution vulnerability that is being exploited in the wild.
Out of the rest 29 vulnerabilities, fourteen are rated high and 15 medium in severity, addressing security flaws in Cisco Routers, Cisco Webex, Cisco Umbrella, Cisco SD-WAN Solution, Cisco Cloud Services Platform, Cisco Data Center Network, and more products.
The three critical security vulnerabilities patched by Cisco address issues in Apache Struts, Cisco Umbrella API, and Cisco RV110W, RV130W and RV215W router’s management interface.
Apache Struts Remote Code Execution Vulnerability (CVE-2018-11776)
The vulnerability, reported late last month by Semmle security researcher Man Yue Mo, resides in the core of Apache Struts and originates due to insufficient validation of user-provided untrusted inputs in the core of the Struts framework under certain configurations.
“The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of url tags with no value or action,” Cisco explains in its advisory.
“In cases where upper actions or configurations also have no namespace or a wildcard namespace, an attacker could exploit this vulnerability by sending a request that submits malicious input to the affected application for processing.”
An unauthenticated, remote attacker can trigger the vulnerability by tricking victims to visit a specially crafted URL on the affected web server, allowing the attacker to execute malicious code and eventually take complete control over the targeted server running the vulnerable application.
All applications that use Apache Struts—supported versions (Struts 2.3 to Struts 2.3.34, and Struts 2.5 to Struts 2.5.16) and even some unsupported Apache Struts versions—are potentially vulnerable to this flaw, even when no additional plugins have been enabled.
Apache Struts patched the vulnerability with the release of Struts versions 2.3.35 and 2.5.17 last month. Now, Cisco has also released fixes to address the issue in its several products. You can check the list of vulnerable Cisco products here.
Since there are no workarounds for this issue, organizations and developers are strongly advised to update their Struts components as soon as possible.
Cisco Umbrella API Unauthorized Access Vulnerability (CVE-2018-0435)
The second critical vulnerability patched by Cisco resides in the Cisco Umbrella API that could allow an authenticated, remote attacker to view and modify data across their organization as well as other organizations.
Cisco Umbrella is a cloud security platform that provides the first line of defense against threats over all ports and protocols by blocking access to malicious domains, URLs, IPs, and files before a connection is ever established or a file is downloaded.
The vulnerability resides due to insufficient authentication configurations for the API interface of Cisco Umbrella, and successful exploitation could allow an attacker to read or modify data across multiple organizations.
Cisco has patched the vulnerability addressed this vulnerability in the Cisco Umbrella production APIs. No user action is required.
Cisco Routers Management Interface Buffer Overflow Vulnerability (CVE-2018-0423)
The last, but not the least, critical vulnerability resides in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a DoS condition.
The flaw occurs due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. To exploit this vulnerability, an attacker can send malicious requests to a targeted device, triggering a buffer overflow condition.
“A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code,” the company explains.
This vulnerability affects all releases of Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router.
Cisco has addressed this vulnerability in firmware release 220.127.116.11 for the Cisco RV130W Wireless-N Multifunction VPN Router, and will not release firmware updates for the Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router. According to the company’s Product Security Incident Response Team (PSIRT), Apache Struts is being exploited in the wild, while the team is not aware of any exploits leveraging the other two critical flaws.
The Bottom Line: Patch! Patch! Patch!