According to digital forensics experts, Cisco has embarked on a new workday full of security patches to fix multiple critical vulnerabilities present in its Aironet wireless access points, widely used by small and medium companies.
The company also released additional security patches to fix various flaws in other of its products. The most severe of these vulnerabilities could allow an unauthenticated remote hacker to gain access to specific devices, granting high privileges, such as the ability to access sensitive data and modify settings of the targeted devices. This vulnerability exists in Cisco software running on Aironet access points, which allow a device to connect to a wired network.
In its security alert, the company mentioned: “Although the attack would not provide access to all available configuration options, the attacker could access sensitive system information, in addition to modifying some settings, such as wireless networks.”
Tracked as CVE-2019-15260, the vulnerability is rated 9.8/10 on the Common Vulnerability Scoring System (CVSS) scale, making it a critical vulnerability. According to digital forensics experts, the flaw exists due to weak access control on certain URLs of the affected devices.
A threat actor could exploit the failure by requesting specific URLs from an affected access point. Affected Aironet devices include the 1540, 1560, 1800, 2800, 3800, and 4800 series.
In addition to this failure, two additional vulnerabilities were found in Aironet. One of these vulnerabilities exists due to an error in processing functionality on access points, which processes only point-to-point tunneling protocol VPN packets, an outdated method for deploying VPN on any device. This flaw, identified as CVE-2019-15261, allows an unauthenticated remote hacker to trigger the reload of an affected device, generating a denial of service (DoS) condition.
The second vulnerability, identified as CVE-2019-15264, exists in the implementation of Aironet and Catalyst 9100’s “Wireless Access Point Control and Provisioning” protocol. This protocol allows any central wireless LAN access controller to manage a collection of wireless access points. Exploiting this vulnerability would allow an unauthenticated hacker to inadvertently reboot the device, generating a DoS condition.
Digital forensics experts mention that Cisco released update patches to fix a total of 41 vulnerabilities, including the above mentioned critical flaw, 17 severe vulnerabilities, and 23 minor severity failures.
One of the products that introduced the most security flaws is the SPA100 series analog phone adapter, used for access to Internet telephony services in hundreds of small businesses. Exploiting most of these flaws would allow an authenticated hacker to execute arbitrary code.
From time to time, Cisco releases update patches for several products. As reported by digital forensics experts from the International Institute of Cyber Security (IICS) in September, the company released 29 patches to fix security flaws across multiple products, such as routers, industrial switches, and others devices running IOS XE software.