Cisco Releases Patches for 3 New Critical Flaws Affecting IOS XE Software

Introduction

Cisco Systems, Inc. is an American multinational technology conglomerate corporation headquartered in San Jose, California. Integral to the growth of Silicon Valley, Cisco develops, manufactures and sells networking hardware, software, telecommunications equipment and other high-technology services and products. Through its numerous acquired subsidiaries, such as OpenDNS, Webex, Jabber and Jasper, Cisco specializes in specific tech markets, such as the Internet of Things (IoT), domain security and energy management.

Cisco Systems has released fixes for three severe security flaws in its IOS XE network operating system. Remote attackers could have easily leveraged these flaws to run arbitrary code with administrator rights on affected devices or to trigger a denial-of-service (DoS) condition.

Flaws

The three flaws are as follows:

  • CVE-2021-34770 (CVSS score: 10.0) – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
  • CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
  • CVE-2021-1619 (CVSS score: 9.8) – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

The most serious problem is CVE-2021-34770. Cisco describes it as a “logical error” that occurs during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets. CAPWAP is the protocol that allows a central wireless controller to manage a group of wireless access points.

“An attacker could exploit this vulnerability by sending a specially crafted CAPWAP packet to the affected device,” the company said in an advisory. “A successful exploit could allow an attacker to execute arbitrary code with administrator privileges or crash and reload the affected device, causing a DoS condition.”

CVE-2021-34727, on the other hand, stems from insufficient bounds checking when the device accepts incoming network traffic, so an attacker can send specially crafted traffic to execute arbitrary code with root-level privileges or cause the device to reload.

Finally, CVE-2021-1619 is associated with “uninitialized variables” in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS XE Software, which could allow an authenticated remote attacker to corrupt the memory of a network device, resulting in a DoS.

Affected products

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Catalyst 9800-CL Wireless Controllers for Cloud
  • Embedded Wireless Controller on Catalyst Access Points
  • 1000 Series Integrated Services Routers (ISRs)
  • 4000 Series ISRs
  • ASR 1000 Series Aggregation Services Routers
  • Cloud Services Router 1000V Series

Recommendation

  • The vendor has released patched versions for the affected releases; affected devices should be updated immediately.
  • Cisco provides the Cisco Software Checker to identify any Cisco Security Advisories.
  • To limit the attack surface of CVE-2021-1619, ensure that access control lists (ACLs) are in place for NETCONF and RESTCONF to block access attempts from untrusted subnets.
  • Cisco recommends that administrators run the “show running-config | include sdwan” command. If the command returns “tunnel mode sdwan”, the SD-WAN feature is enabled and the device is vulnerable to the buffer overflow vulnerability (CVE-2021-34727).
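
The two configuration checks in the recommendations above can also be run offline against saved running-configs. The Python script below is an added example, not Cisco tooling or code from the original article; the sample config is constructed, and the netconf-yang / restconf enable and access-list command forms are assumptions that do not appear on this page.

```python
import re

# Constructed sample of a saved running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
interface Tunnel1
 tunnel source GigabitEthernet1
 tunnel mode sdwan
netconf-yang
netconf-yang ssh ipv4 access-list name MGMT-ONLY
restconf
ip access-list standard MGMT-ONLY
 permit 10.0.0.0 0.0.0.255
"""

# Assumed IOS XE command forms (not on the page): the enable command and the
# service-level ACL binding for each management API.
SERVICES = {
    "netconf": ("netconf-yang", r"netconf-yang ssh ipv[46] access-list name (\S+)"),
    "restconf": ("restconf", r"restconf ipv[46] access-list name (\S+)"),
}

def audit_config(text):
    """Return a sorted list of findings for one saved running-config."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = set()
    # Same match as 'show running-config | include sdwan' on the device.
    if "tunnel mode sdwan" in lines:
        findings.add("sdwan-enabled")
    # Names of the named ACLs that are actually defined in this config.
    defined = {m.group(1) for ln in lines
               if (m := re.fullmatch(r"ip(?:v6)? access-list (?:\w+ )?(\S+)", ln))}
    for name, (enable_cmd, acl_re) in SERVICES.items():
        if enable_cmd not in lines:
            continue  # service is disabled, nothing to restrict
        bound = [m.group(1) for ln in lines if (m := re.fullmatch(acl_re, ln))]
        if not bound:
            findings.add(f"{name}-no-acl")         # reachable from any subnet
        elif any(acl not in defined for acl in bound):
            findings.add(f"{name}-acl-undefined")  # binding names a missing ACL
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

A finding of sdwan-enabled only indicates that the feature is on; whether the device is still exposed depends on the installed software release.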