Cisco removes dangerous RCE flaw from some of its products

Jan 21, 2016 12:30 GMT  ·  By

Cisco has addressed two security issues, one of which was labeled as critical and allowed attackers to send remote shell commands to Cisco equipment without having to authenticate themselves.

This most recent vulnerability, CVE-2015-6435, affects only the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series.

Send HTTP request -> p0wn Cisco box -> put "h@Kz0r" in your Twitter profile

The issue has a vulnerability score of 10 out of 10, meaning it's trivial to exploit, works from remote locations, completely bypasses normal authentication procedures, and provides attackers with complete control over the compromised devices.

According to the Cisco advisory, the vulnerability resides in some CGI scripts that run on the device and power its management interface.

The issue can be exploited by attackers who craft malformed HTTP requests containing shell commands, which are then executed on the device.

Cisco says that all UCS Manager versions are affected. Firepower 9000 Series devices running versions prior to 1.1.2 are also impacted. Cisco has issued urgent firmware patches for both product series.

Second Cisco flaw allowed proxy traffic through its firewalls

A second flaw (CVE-2016-1296) was also found in the proxy engine of the Cisco Web Security Appliance (WSA), affecting versions 8.5.3-055, 9.1.0-000, and 9.5.0-235.

With a severity score of 5/10, this vulnerability allowed attackers to bypass the device's security controls, again using malformed HTTP requests.

An attacker could trick a WSA firewall that prohibited proxy traffic into allowing proxy traffic from/to specific sources. Cisco has issued a fix for this issue as well.

Since the Juniper backdoor vulnerability came to light, Cisco has been running a company-wide audit that, so far, has increased the frequency at which bug fixes come out of Cisco's headquarters.

In recent weeks, the company has removed a backdoor from some of its access points, discovered devices shipped with the wrong admin password, and found flaws in its custom Jabber client.