Rewterz Threat Advisory – ICS: Honeywell Experion PKS and ACE Controllers

October 6, 2021

Rewterz Threat Advisory – Fortinet FortiClientEMS And FortiAnalyzer Vulnerabilities

October 7, 2021

Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities

October 7, 2021

Severity

High

Analysis Summary

CVE-2021-34780 : CVE-2021-34779

Cisco Small Business 220 Series Smart Switches is vulnerable to a buffer overflow, caused by improper bounds checking when processing LLDP messages. By sending a specially-crafted LLDP packet, a remote attacker could overflow a buffer and execute arbitrary code or cause the device to reload unexpectedly.

CVE-2021-34778 : CVE-2021-34777 : CVE-2021-34776 : CVE-2021-34775

Cisco Small Business 220 Series Smart Switches could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw when processing LLDP messages. By sending a specially-crafted LLDP packet, an attacker could exploit this vulnerability to cause corruption in the internal LLDP database to execute arbitrary code or cause the device to reload.

CVE-2021-34788

Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow a local authenticated attacker to execute arbitrary code on the system, caused by a race condition in the signature verification process for shared library files. By sending specially-crafted interprocess communication (IPC) messages to the AnyConnect process, an attacker could exploit this vulnerability to execute arbitrary code with root privileges on the device.

CVE-2021-1594

Cisco Identity Services Engine (ISE) could allow a remote attacker to gain elevated privileges on the system, caused by improper input validation for specific API endpoints. By intercepting and modifying specific internode communications from one ISE persona to another ISE persona, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges on the underlying operating system.

CVE-2021-34735

Cisco ATA 190 Series Analog Telephone Adapter Software is vulnerable to a denial of service, caused by improper rate limiting of ICMP packets on the Ethernet interface. By sending a specially-crafted steady stream of ICMP traffic, a remote attacker could exploit this vulnerability to cause the Ethernet port to go offline, and results in a denial of service condition.

CVE-2021-34710

Cisco ATA 190 Series Analog Telephone Adapter Software could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation. By sending a specially-crafted request to the web UI, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying OS with root privileges.

CVE-2021-34748

Cisco Intersight Virtual Appliance could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation. By sending a specially-crafted input to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands using root-level privileges on the device.

CVE-2021-34698

Cisco Web Security Appliance (WSA) is vulnerable to a denial of service, caused by improper memory management in the proxy service. By establishing a large number of HTTPS connections, a remote attacker could exploit this vulnerability to cause the system to stop processing new connections, and results in a denial of service condition.

Impact

Buffer Overflow
Code Execution
Privilege Escalation
Denial of Service
Command Execution

Affected Vendors

Dell

Affected Products

Cisco Small Business 220 Series Smart Switches
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS
Cisco Identity Services Engine (ISE)
Cisco 190 Series On-Premises Software
Cisco ATA 190 Series Multiplatform (MPP) Software
Cisco ATA 190 (On-premises only)
Cisco ATA 191 (On-premises or Multiplatform)
Cisco Intersight Virtual Appliance
Cisco AsyncOS Software for Web Security Appliances (WSA)

Remediation

Refer to Cisco Advisory for patch, upgrade or suggested workaround information.

CVE-2021-34780 : CVE-2021-34779 : CVE-2021-34778 : CVE-2021-34777 : CVE-2021-34776 : CVE-2021-34775

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T

CVE-2021-34788

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q

CVE-2021-1594

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-UwqPrBM3

CVE-2021-34735 : CVE-2021-34710

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3

CVE-2021-34748

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R

CVE-2021-34698

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-dos-fmHdKswk

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Rewterz Threat Advisory – CVE-2023-40363 – IBM InfoSphere Information Server Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us