430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco addresses critical issues in IP Phones and UCS Director

Cisco released security patches to address numerous flaws in its products, including critical severity issues that affect IP Phones and UCS Director. The critical vulnerability fixed by Cisco affects IP Phones and resides on the webserver, the flaw could be exploited by a remote, unauthenticated attacker to execute code with root privileges. The flaw, tracked as CVE-2020-3161, […]

Cisco Catalyst

Cisco released security patches to address numerous flaws in its products, including critical severity issues that affect IP Phones and UCS Director.

The critical vulnerability fixed by Cisco affects IP Phones and resides on the webserver, the flaw could be exploited by a remote, unauthenticated attacker to execute code with root privileges. The flaw, tracked as CVE-2020-3161, has been rated as a critical severity and received a CVSS score of 9.8.

“A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.” reads the advisory published by Cisco.

“The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.”

The CVE-2020-3161 vulnerability is caused by the improper validation of HTTP requests, an attacker could exploit the issue by sending a crafted HTTP request to the web server of the vulnerable IP Phones.

“An unauthenticated remote attacker can trigger a stack-based buffer overflow by sending a crafted HTTP request to the /deviceconfig/setActivationCode endpoint.” reads the analysis published by Tenable, the company that reported the vulnerability.

“In libHTTPService.so, the parameters after /deviceconfig/setActivationCode are used to create a new URI via a sprintf function call. The length of the parameter string is not checked. When an attacker provides a long parameter string then sprintf overflows the provided stack-based buffer.”

Tenable also published a denial of service proof of concept for this issue on GitHub.

The issue affects the following Cisco products if they have web access enabled and are running a firmware release earlier than the first fixed release for that device:

  • IP Phone 7811, 7821, 7841, and 7861 Desktop Phones
  • IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones
  • Unified IP Conference Phone 8831
  • Wireless IP Phone 8821 and 8821-EX

Cisco pointed out that it is not aware of attacks exploiting the flaw in attacks in the wild.

Cisco also fixed three critical vulnerabilities, tracked CVE-2020-3239, CVE-2020-3240, and CVE-2020-3243, in Cisco UCS Director and UCS Director Express for Big Data. The flaws affect the REST API and could be exploited by a remote, unauthenticated attacker to bypass authentication or conduct directory traversal attacks.

“Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.” reads the advisory published by Cisco.

The issues exist due to insufficient access control validation and improper input validation. Cisco addressed the flaw by releasing UCS Director 6.7.4.0 and UCS Director Express for Big Data 3.7.4.0.

Cisco also addressed several high severity flaws affecting Wireless LAN Controller (WLC) Software, Webex Network Recording Player and Webex Player, Mobility Express Software, IoT Field Network Director, Unified Communications Manager (UCM) and UCM Session Management Edition (SME), and Aironet Series Access Points Software.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – IP Phones, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]