April 21, 2021
Severity
Medium
Analysis Summary
CVE-2021-1392
An authenticated attacker can exploit a vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE software to retrieve the password for Common Industrial Protocol (CIP). The attacker can then remotely configure the affected device as an administrative user.
CVE-2021-1403
An unauthenticated, remote attacker can exploit a vulnerability in the web UI feature of Cisco IOS XE software to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial-of-service condition on an affected device.
CVE-2021-1352
An adjacent, unauthenticated attacker can exploit a vulnerability in DECnet protocol processing of Cisco IOS XE software to cause a denial-of-service condition on an affected device. The attacker can force the affected device to reload, resulting in a denial-of-service condition.
CVE-2021-1442
A local, authenticated attacker can exploit a vulnerability in a diagnostic command for the Plug and Play (PnP) subsystem of Cisco IOS XE software to elevate privileges to the level of an administrator on an affected Stratix 5800. The attacker can then remotely configure the affected device to disable Plug-and-Play after Express Setup has completed.
CVE-2021-1452
A physical, unauthenticated attacker can exploit a vulnerability in the Stratix 5800 switches to execute persistent code at boot time and break the chain of trust.
CVE-2021-1443
An authenticated, remote attacker can exploit a vulnerability in the web UI of the IOS XE software to execute arbitrary code with root privileges on the underlying operating system of the affected device. Admin credentials to the device are required for the attacker to exploit this vulnerability.
CVE-2021-1220
An authenticated, remote attacker with read-only privileges can exploit a vulnerability in the web UI of the IOS XE software to cause the web management software to hang and consume vty line instances. The consumption of the vty line instances results in a denial-of-service condition.
Impact
- Denial-of-service Conditions
- Unauthorized Privilege Escalation
- WebSocket Hijacking
- Command Injection
Affected Vendors
Rockwell Automation
Affected Products
- Stratix 5800: Versions 16.12.01 and earlier
- Stratix 8000: Versions 15.2(7)E3 and earlier
- Stratix 5700: Versions 15.2(7)E3 and earlier
- Stratix 5410: Versions 15.2(7)E3 and earlier
- Stratix 5400: Versions 15.2(7)E3 and earlier
Remediation
Refer to the ICS advisory for the complete list of affected products, mitigation methods, and their respective patches.
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-02
In the Stratix 5800, apply version 17.04.01 or later.
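To turn the affected-products table and the remediation note above into an inventory check, here is an added Python example (not Rewterz, Rockwell or Cisco code). It parses the IOS / IOS XE version strings the advisory uses ("15.2(7)E3", "16.12.01") into comparable tuples and flags which switches in a constructed sample inventory still fall inside the "and earlier" ranges; hostnames and the unlisted model are made up, and only the Stratix 5800 gets a target version because that is the only fix the page states.

```python
import re
from typing import Optional

# "Versions X and earlier" ceilings as listed in this advisory. A fixed
# version is only given on the page for the Stratix 5800; the other models
# are deferred to ICSA-21-110-02.
AFFECTED_THROUGH = {
    "Stratix 5800": "16.12.01",
    "Stratix 8000": "15.2(7)E3",
    "Stratix 5700": "15.2(7)E3",
    "Stratix 5410": "15.2(7)E3",
    "Stratix 5400": "15.2(7)E3",
}
FIXED_IN = {"Stratix 5800": "17.04.01"}

def version_key(version: str) -> tuple:
    """Comparable tuple of the numeric fields: "15.2(7)E3" -> (15, 2, 7, 3),
    "16.12.01" -> (16, 12, 1). Assumption: train letters such as "E" do not
    change ordering within one product line (true for the strings here)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def is_affected(model: str, version: str) -> Optional[bool]:
    """True/False for models in the advisory, None for models it does not list."""
    ceiling = AFFECTED_THROUGH.get(model)
    if ceiling is None:
        return None
    return version_key(version) <= version_key(ceiling)

def triage(inventory):
    """Map (hostname, model, version) records to a patch action."""
    report = []
    for host, model, version in inventory:
        affected = is_affected(model, version)
        if affected is None:
            action = "not listed in this advisory"
        elif affected:
            action = "patch (target %s)" % FIXED_IN.get(model, "see ICSA-21-110-02")
        else:
            action = "ok"
        report.append((host, model, version, action))
    return report

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("sw-cell-01", "Stratix 5800", "16.12.01"),   # ceiling itself -> affected
    ("sw-cell-02", "Stratix 5800", "17.04.01"),   # the stated fix -> ok
    ("sw-line-03", "Stratix 5700", "15.2(7)E3"),  # affected, fix not on page
    ("sw-line-04", "Stratix 5700", "15.2(7)E4"),  # later rebuild -> ok
]
```

A bare release such as "15.2(7)E" (no rebuild number) parses to (15, 2, 7) and therefore sorts before "15.2(7)E3", so it is correctly reported as affected.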