Cisco patches a couple of root access-granting security flaws
Cisco, the company whose products underpin a large chunk of today’s internet and enterprise sector, published 15 security updates for some of its products today.
Of the 15 security updates released to customers today, two address vulnerabilities that allow attackers to gain root access on the device, while a third addresses a flaw that bypasses authentication altogether.
The two root access-granting bugs impact Cisco HyperFlex, a piece of software for linking data centers together for easier data and resource sharing.
The more critical of the two flaws is tracked as CVE-2018-15380 and has a severity rating of 8.8 on a scale of 1 to 10.
“A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user,” Cisco said.
The company pinned the bug on insufficient input validation when processing user commands, and issued a security update today to address the issue.
The second HyperFlex issue is tracked as CVE-2019-1664, has a severity rating of 8.1, and was discovered during internal Cisco security testing (just like the first).
Cisco says the vulnerability resides in the hxterm service of the Cisco HyperFlex software package and it can “allow an unauthenticated, local attacker to gain root access to all nodes in the cluster.”
The third vulnerability (CVE-2019-1662) that we chose to highlight for this article impacts Cisco’s Prime Collaboration Assurance (PCA) software, one of the company’s many team collaboration suites.
According to Cisco, the PCA software’s Quality of Voice Reporting (QOVR) service contained a vulnerability that when exploited could allow an attacker to gain access to accounts just by entering a valid username, with no need to enter the associated password.
Updates for the three flaws and the other 12 have been made available. None of the 15 vulnerabilities Cisco patched today were under active exploitation by hacker groups.
Most Cisco vulnerabilities tend to enter the “exploitation phase” a few days or weeks after being patched, and after security researchers publish proof-of-concept code that hackers quickly weaponize.
Something like this happened at the end of last month when proof-of-concept code published on GitHub after Cisco patched a vulnerability led to immediate attacks against Cisco RV320 and RV325 routers.
In 2018, Cisco removed seven backdoor accounts from various products, most of which had been discovered by its own staff following internal security audits.