Rewterz Threat Advisory – Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities
June 6, 2020
Severity
High
Analysis Summary
CVE-2020-3224
The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition.
CVE-2020-3229
The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user.
CVE-2020-3211
The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise.
CVE-2020-3212
The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device.
CVE-2020-3219
The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.
CVE-2020-3200
The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
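The six CVEs above reach an affected device through two management surfaces: the web UI (CVE-2020-3224, -3229, -3211, -3212, -3219) and SSH (CVE-2020-3200). The following Python script is an added triage aid, not code from the advisory or from Cisco: it reads a constructed running-config excerpt and reports, per CVE, whether that surface is enabled and whether an access-class restricts who can reach it. The `ip http server`, `ip http access-class`, `line vty` and `access-class ... in` commands are standard IOS configuration; the CVE-to-surface mapping is taken from the descriptions above, and treating only an explicit `transport input ssh`/`all` as "SSH enabled" is a simplifying assumption of this script.

```python
import re
from typing import Dict, List

# Constructed sample running-config excerpt (not from the advisory).
SAMPLE_CONFIG = """\
hostname ir-edge-01
ip http server
ip http secure-server
ip http access-class 10
line vty 0 4
 transport input ssh
 access-class 20 in
"""

# Management surface each listed CVE is reached through, per the advisory text.
CVE_SURFACE = {
    "CVE-2020-3224": "web-ui", "CVE-2020-3229": "web-ui",
    "CVE-2020-3211": "web-ui", "CVE-2020-3212": "web-ui",
    "CVE-2020-3219": "web-ui", "CVE-2020-3200": "ssh",
}

def parse_exposure(config: str) -> Dict[str, bool]:
    """Return which surfaces are enabled and whether an access-class restricts them."""
    http_on = bool(re.search(r"^ip http (secure-)?server$", config, re.M))
    http_acl = bool(re.search(r"^ip http access-class \S+", config, re.M))
    ssh_on = ssh_acl = in_vty = False
    for line in config.splitlines():
        if line.startswith("line vty"):      # start of a vty block
            in_vty = True
            continue
        if in_vty and not line.startswith(" "):  # block ended
            in_vty = False
        if in_vty:
            m = re.match(r"\s*transport input (.+)", line)
            # assumption: only an explicit ssh/all transport counts as enabled
            if m and any(t in ("ssh", "all") for t in m.group(1).split()):
                ssh_on = True
            if re.match(r"\s*access-class \S+ in", line):
                ssh_acl = True
    return {"web-ui": http_on, "web-ui-acl": http_acl,
            "ssh": ssh_on, "ssh-acl": ssh_acl}

def reachable_cves(config: str) -> Dict[str, List[str]]:
    """Bucket each advisory CVE by how exposed its surface is in this config."""
    exp = parse_exposure(config)
    out: Dict[str, List[str]] = {"exposed": [], "exposed-acl-restricted": [],
                                 "surface-disabled": []}
    for cve, surface in CVE_SURFACE.items():
        if not exp[surface]:
            out["surface-disabled"].append(cve)
        elif exp[surface + "-acl"]:
            out["exposed-acl-restricted"].append(cve)
        else:
            out["exposed"].append(cve)
    return out
```

An access-class narrows who can reach the surface; it does not remove the vulnerability, so devices in either "exposed" bucket still need the vendor fix.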
Impact
- Denial of service
- Privilege escalation
- Gain access
Affected Vendors
Cisco
Affected Products
Cisco IOS XE Software
Remediation
Refer to the vendor's advisory for the complete list of affected products and the fixed software releases.
https://tools.cisco.com/security/center/publicationListing.x