Cisco has disclosed a series of severe vulnerabilities impacting several products. Owners and administrators should review their environments and perform patching ASAP.
Background
Cisco has disclosed a series of severe vulnerabilities impacting various product lines including network devices, security appliances, endpoint applications, and various trust relationships. The breadth of impacted products to great to cover in an email – It is recommended that Cisco products within production environments be scrutinized for impact.
View the official Cisco security advisories page for more information.
Notable High Severity Vulnerabilities
Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability (CVE-2021-1566) – A certificate validation issue affecting Cisco Advanced Malware Protection (AMP) for Endpoints integration with Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) allows for a man in the middle attack between monitored endpoint and server.
Cisco DNA Center Certificate Validation Vulnerability (CVE-2021-1134) – A cert validation flaw in the Cisco Identity Services Engine (ISE) integration with Cisco DNA Center Software that would allow for the interception of traffic between the ISE and DNA Center servers.
Cisco Small Business 220 Series Smart Switches Vulnerabilities (CVE-2021-1541, CVE-2021-1542, CVE-2021-1543, CVE-2021-1571) – Allows for hijacking of a user session, execution of arbitrary commands as a root user on the underlying operating system, cross-site scripting (XSS) attacks and an HTML injection attack on impacted Small Business Series switches.
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability (CVE-2021-1567) – Allows an authenticated user to perform DLL highjacking on AnyConnect client endpoints.
Lasso SAML Implementation Vulnerability Affecting Cisco Products (CVE-2021-28091) – Impacts SSO implementations of many Cisco products.
The fixes are in addition to other significant vulnerabilities patched in the month of June, such as:
- Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability (CVE-2021-1402)
- Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability (CVE-2021-1503)
- Cisco Webex Player Memory Corruption Vulnerability (CVE-2021-1526)
- Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability (CVE-2021-1502). Also worth noting are the many medium severity vulnerabilities patched in the same period.
Mitigations
If you suspect any of your systems may be impacted by these vulnerabilities, it is advised you scrutinize the Cisco Advisory page to get more details regarding impacts and mitigations.
Timely updates are key, as PoC exploit code can be available to adversaries within hours or days of disclosure.
A regular schedule of vulnerability scanning can proactively detect vulnerabilities.
An accurate record of systems and platforms, such as a CMDB, can be used by administrators to help determine the impact of broad vulnerability disclosures.
Resources
CISA Advisory
https://us-cert.cisa.gov/ncas/current-activity/2021/06/17/cisco-releases-security-updates-multiple-products
Cisco Security Center Advisories
https://tools.cisco.com/security/center/publicationListing.x
