Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Remcos RAT – Active IOCs
September 22, 2021Rewterz Threat Advisory – CVE-2021-31847 – McAfee Agent for Windows
September 23, 2021
Severity
High
Analysis Summary
CVE-2021-1612
Cisco IOS XE SD-WAN Software could allow a local authenticated attacker to bypass security restrictions, caused by improper access controls on files within the local file system. By using a specially-crafted symbolic link, an attacker could exploit this vulnerability to overwrite arbitrary files on the device.
CVE-2021-34712
Cisco SD-WAN vManage Software could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation by the web-based management interface. By sending specially-crafted HTTP requests, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2021-34729
Cisco IOS XE SD-WAN Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper validation of arguments passed to certain CLI commands. By including specially-crafted input in the argument of an command, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges on the underlying operating system.
CVE-2021-34703
Cisco IOS and IOS XE Software are vulnerable to a denial of service, caused by improper initialization of a buffer. By sending specially-crafted LLDP frames, a remote authenticated attacker could exploit this vulnerability to cause the device to crash.
CVE-2021-1546
Cisco SD-WAN Software could allow a local authenticated attacker to obtain sensitive information, caused by improper protections on file access through the CLI. By sending a specially-crafted CLI command that targets an arbitrary file, an attacker could exploit this vulnerability to obtain information of portions of an arbitrary file, and use this information to launch further attacks against the affected system.
CVE-2021-1615
Cisco Embedded Wireless Controller Software is vulnerable to a denial of service, caused by improper buffer allocation. By sending specially-crafted traffic, a remote attacker could exploit this vulnerability to exhaust available resources, and results in a denial of service condition.
CVE-2021-34699
Cisco IOS and IOS XE Software are vulnerable to a denial of service, caused by an improper interaction between the web UI and the CLI parser. By requesting a particular CLI command to be run through the web UI, a remote authenticated attacker could exploit this vulnerability to cause the device to reload, and results in a denial of service condition.
CVE-2021-34723
Cisco IOS XE SD-WAN Software could allow a local authenticated attacker to bypass security restrictions, caused by improper validation of specific CLI command parameters. By sending a specially-crafted command with specific parameters, an attacker could exploit this vulnerability to overwrite the content of the configuration database and gain root-level access to the device.
CVE-2021-1616
Cisco IOS XE Software could allow a remote attacker to bypass security restrictions, caused by improper data validation of traffic that is traversing the ALG. By sending specially-crafted traffic , an attacker could exploit this vulnerability to bypass the ALG and open connections not allowed to a remote device located behind the ALG.
CVE-2021-34696
Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow a remote attacker to bypass security restrictions, caused by incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. By sending specially-crafted traffics, an attacker could exploit this vulnerability to bypass an ACL on the device.
CVE-2021-1621
Cisco IOS XE Software is vulnerable to a denial of service, caused by improper handling of certain Layer 2 frames. By sending specially-crafted Layer 2 frames on the segment the router is connected, a remote attacker could exploit this vulnerability to cause a queue wedge on the interface, and results in a denial of service condition.
CVE-2021-1589
Cisco SD-WAN vManage Software could allow a remote authenticated attacker to obtain sensitive information, caused by improper access control to the API endpoints. By sending a specially-crafted request to an API endpoint, an attacker could exploit this vulnerability to obtain the administrative credentials, and use this information to launch further attacks against the affected system.
CVE-2021-1624
Cisco IOS XE Software is vulnerable to a denial of service, caused by improper handling of the rate limiting feature within the QuantumFlow Processor. By sending specially-crafted traffic, a remote attacker could exploit this vulnerability to cause the QuantumFlow Processor utilization to reach 100 percent, and results in a denial of service condition.
CVE-2021-34724
Cisco IOS XE SD-WAN Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper file system protection and the presence of a sensitive file in the bootflash directory. By overwriting an installer file stored in the bootflash directory with arbitrary commands, an <authenticated> attacker could exploit this vulnerability to read and write changes to the configuration database with root privileges.
Impact
- Security Bypass
- Information Disclosure
- Command Execution
- Denial of Service
- Privilege Escalation
Affected Vendors
Affected Products
- Cisco IOS XE Software 17.3
- Cisco SD-WAN vManage software
- Cisco IOS XE Software
- Cisco IOS XE SD-WAN Software
- Cisco SD-WAN vEdge Cloud Routers
- Cisco SD-WAN vBond Orchestrator Software
- Cisco SD-WAN vEdge Routers
- Cisco SD-WAN vSmart Controller Software
- Cisco SD-WAN Software
- Cisco EWC Software for Catalyst APs
- Cisco IOS Software Cisco IOS XE Software
- Cisco Cloud Services Router (CSR) 1000V Series
- Cisco 1000 Series Integrated Services Routers (ISRs)
- Cisco 4000 Series ISRs
- Cisco ASR 1000 Series Aggregation Services Routers (ASRs)
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco 1000 Integrated Services Routers (ISRs)
- Cisco Integrated Services Virtual (ISRv) Routers
- Cisco SD-WAN vManage Software
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.
CVE-2021-1612
CVE-2021-34712
CVE-2021-34729
CVE-2021-34703
CVE-2021-1546
CVE-2021-1615
CVE-2021-34699
CVE-2021-34723
CVE-2021-1616
CVE-2021-34696
CVE-2021-1621
CVE-2021-1589
CVE-2021-1624
CVE-2021-34724