Cisco fixes a major vulnerability to cloud service platforms

Source: Internet
Author: User
Tags: cve

Cisco has recently fixed high-risk vulnerabilities across its cloud services product line, including the Cloud Services Platform (CSP), the Firepower Extensible Operating System (FXOS), NX-OS software, and some Small Business IP phones.


The most serious vulnerability addressed by this fix is CVE-2017-12251, which lets an unauthorized attacker access the Cloud Services Platform 2100. Many organizations use this platform to host Cisco or third-party virtual services. The vulnerability exists in the web console of the Cisco Cloud Services Platform (CSP) 2100, where an unauthenticated remote attacker could exploit it to interact maliciously with services on the affected CSP device or with a virtual machine (VM) hosted on it.

The security advisory says:

The vulnerability is due to incomplete authorization mechanisms for URLs in this generation of the web console. An attacker could bypass the web application's authorization controls by browsing to a specific URL pattern pointing at a virtual machine hosted on a Cisco CSP. An attacker could exploit the vulnerability to connect to VMs on the CSP, so that the entire system would lose confidentiality, integrity, and availability.

The vulnerability affects Cloud Services Platform 2100 versions 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 and 2.2.2; Cisco has released version 2.2.3 to address the issue.

Cisco said it has not yet seen any attack exploiting this vulnerability.

The security advisory adds:

The Cisco Product Security Incident Response Team (PSIRT) is not aware of the details of any exploits in this case.

Cisco also reported a high-risk DoS vulnerability, CVE-2017-3883, which affects the authentication, authorization, and accounting (AAA) process in FXOS and NX-OS software.

An attacker could exploit this vulnerability by carrying out a brute-force login attack against a device running AAA security services.

A remote attacker could use this vulnerability in the Firepower Extensible Operating System (FXOS) and NX-OS system software to cause affected devices to reload.

The vulnerability could also affect Firepower, Nexus and multilayer switches, as well as some computing system products.

Two further vulnerabilities concern IP phones. The first, CVE-2017-12260, affects the Session Initiation Protocol (SIP) implementation in Cisco Small Business SPA50x, SPA51x, and SPA52x series IP phones; the second, CVE-2017-12259, affects only the SIP-related protocol handling in SPA51x phones.

Using either of these vulnerabilities, an unauthenticated attacker could send a specially crafted SIP request to a target device and thereby cause a DoS condition.

Many Cisco products have also been affected by the recent KRACK vulnerability; Cisco has released the latest security updates and is continuing to investigate the issue.

* Reference source: securityaffairs; compiled by FreeBuf's small Liki; please credit freebuf.com when reproducing.


Summary: start down the path to the vulnerability ...


This article is from the "Li Shilong" blog; reprinting is not permitted.
