Last week, Cisco fixed 17 security issues across a variety of its products, six of which carried a criticality label of high.
In one case, there was a vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI), which could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI.
The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information the ISE maintains about clients connected to the network.
Cisco released updates that address this vulnerability. There are no workarounds.
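The class of flaw described above, a TLS client that does not properly validate the server certificate, can be checked for in client code. The following Python sketch is an added example, not Cisco's code and not taken from the advisory; the function names are hypothetical, and since the page does not say how the validation in PI was flawed, it shows the two generic failure modes (no chain verification, no hostname match) beside a hardened configuration.

```python
import socket
import ssl


def weak_context() -> ssl.SSLContext:
    # The flawed pattern: the tunnel is encrypted but the server is never authenticated.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, including a crafted one, passes
    return ctx


def hardened_context(cafile=None) -> ssl.SSLContext:
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    # cafile (optional) restricts trust to one CA bundle, e.g. an internal CA.
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)


def audit(ctx: ssl.SSLContext) -> list:
    """Return the settings that would let a forged server certificate be accepted."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


def open_verified(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0):
    """Connect only if the context authenticates the server; fail closed otherwise."""
    findings = audit(ctx)
    if findings:
        raise ValueError("refusing TLS connection: " + ", ".join(findings))
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname drives both SNI and the certificate name match.
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit(ctx) or "ok")
```

A context that verifies the chain but skips the hostname match still accepts a valid certificate issued for a different host, which is why `audit` reports the two conditions separately.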
In addition, a vulnerability in the Open Container Initiative runc CLI tool, which is used by multiple products, could allow an unauthenticated, remote attacker to escalate privileges on a targeted system.
The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/exe. An attacker could exploit the vulnerability either by persuading a user to create a new container using an attacker-controlled image or by using the docker exec command to attach into an existing container that the attacker already has write access to. A successful exploit could allow the attacker to overwrite the host’s runc binary file with a malicious file, escape the container, and execute arbitrary commands with root privileges on the host system.
In addition, two other vulnerabilities allow attackers to gain root access on the device, while a third bypasses authentication altogether.
The two root access-granting bugs are in Cisco HyperFlex, software that links data centers together for easier data and resource sharing.
One vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user.
Cisco fixed this vulnerability in Cisco HyperFlex 3.5(2a).
In addition, a vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster.
The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster.
This vulnerability is fixed in Cisco HyperFlex Release 3.5(2a).