Just one week after its latest patch day, network equipment manufacturer Cisco released three additional advisories that close holes.
The manufacturer closed five holes in the Firewall Services Module (FWSM) in its 6500 Catalyst switches and 7600 router series. Attackers can use one of the holes to get around the TACACS+ authentication and obtain administrative access to devices. In the other four holes attackers could use them to conduct denial-of-service (DOS) attacks.
Cisco also had to patch the TACACS+ authentication hole in its ASA 5500 Series Adaptive Security Appliances and the Catalyst 6500 Series ASA Services Module.
The third advisory concerns a directory-traversal hole in the Network Admission Control (NAC) Manager. Attackers could use the vulnerability to gain access to critical information, such as password files and system logs, via TCP port 443.
Cisco has published patches and, in most cases, workarounds for all of the holes.
Just last week, Cisco published ten security advisories as part of its bi-annual patch day.
The advisories resolved a number of security vulnerabilities. The most serious vulnerability (CVSS 10) deals with Catalyst switches running the company’s iOS network operating system software. A bug in the Smart Install remote maintenance feature allowed remote attackers to execute arbitrary code on affected switches.
Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.
The other advisories fix denial-of-service (DoS) vulnerabilities in iOS, Unified Communications Manager and 1000 series routers.
Cisco released updates which fix these vulnerabilities; workarounds exist for some of the problems. As promised, Cisco has also fixed the backdoor vulnerability in its Identity Services Engine (ISE) identity management software.
With the ISE, the underlying database used, its identity and access control policy platform, contains three sets of default credentials a hacker could exploit via a remote attacker without any end-user interaction.
Using these credentials, an attacker could modify the configuration and settings, or even gain complete administrative control of a device. All hardware appliance and software-only versions of Cisco ISE prior to 1.0.4.MR2 have the issue.