Critical remote code execution vulnerability in Cisco industrial software

Experts from the IICS web applications security course reported a severe vulnerability that, if exploited, would allow remote attackers to hijack Cisco’s Industrial Network Director, a product developed for enterprise deployment. The company announced a patch for this flaw yesterday afternoon, noting that no workarounds are known so far, so system administrators need to install the patch as soon as possible.

Industrial Network Director is a network management platform used to visualize industrial assets, keep them safe and manage their operations. Only versions of the software prior to 1.6.0 appear to be affected by this flaw.

In the vulnerability report, Cisco mentions: “The flaw exists due to the incorrect validation of the loaded files in the affected application; an attacker could exploit this flaw to authenticate on the compromised system and load an arbitrary file”. According to the web applications security course experts, exploiting this flaw could enable attackers to execute arbitrary code with high privileges.

Cisco also recently released a fix for a severe vulnerability in the TelePresence video conferencing system, as well as some updates for its Unified Communications Manager (UCM) products.

“A flaw in UCM authentication and the TelePresence server could allow an unauthenticated remote attacker to cause service outages for authenticated users, generating a denial of service (DoS) condition”, mentioned the company’s report.

Separately, a couple of days ago Cisco released a fix for a DoS vulnerability considered critical, the web applications security course experts reported. The flaw, reported last May, affects routers running vulnerable versions of the Cisco IOS XR software.

The company also published seven patches for various moderate-severity flaws, according to specialists from the International Institute of Cyber Security (IICS).

Cisco released several security patches over the past month, more than usual, starting with a fix for a critical vulnerability in the Elastic Services Controller users’ web interface; in addition, the company had to fix the flaw in the Cisco IOS XE operating system software that affected multiple routers, switches, and firewall deployments. According to company reports, millions of devices and implementations are still exposed to this vulnerability.