Rewterz Threat Advisory – Multiple Cisco Vulnerabilities

October 21, 2021

Severity

Medium

Analysis Summary

CVE-2021-40122

Cisco Meeting Server is vulnerable to a denial of service, caused by improper handling of large series of message requests. By sending specially-crafted messages, a remote attacker could exploit this vulnerability to cause the device to reload, dropping all ongoing calls and results in a denial of service condition.

CVE-2021-34736

Cisco Integrated Management Controller (IMC) Software is vulnerable to a denial of service, caused by improper input validation by the web-based management interface. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the interface to restart, and results in a denial of service condition.

CVE-2021-40123

Cisco Identity Services Engine could allow a remote authenticated attacker to obtain sensitive information, caused by an incorrect permissions settings flaw. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to download restricted files, and use this information to launch further attacks against the affected system.

Impact

Denial of Service
Information Disclosure

Affected Vendors

Cisco

Affected Products

Cisco Meeting Server
Cisco Integrated Management Controller
Cisco UCS C-Series Rack Servers in standalone mode
Cisco UCS S-Series Storage Servers in standalone mode
Cisco Identity Services Engine (ISE)

Remediation

Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2021-40122

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-LAHe8z5v

CVE-2021-34736

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh

CVE-2021-40123

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-download-B3BR5KQA