Cisco warns of security gaps in routers, switches and AnyConnect VPN

They allow denial of service attacks and the theft of confidential information. The AnyConnect client for Windows gives hackers access to the operating system with system rights. Cisco offers security patches for all vulnerabilities.

Cisco has released several security updates, including switches for small and medium-sized businesses, the DNA Center software, routers with StarOS and the AnyConnect VPN-Client for Windows concern. Attackers may be able to paralyze switches via denial-of-service without entering login data.

Cisco (graphic: Cisco)The 250 Series Smart Switches, the 350 Series Smart Switches and the Managed Switches of the 350, 550X, Small Business 200, Small Business 300 and Small Business 500 series are susceptible to this. A vulnerability allows the switches to be restarted.

However, only four product lines will receive updates: 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, and 550X Series Stackable Managed Switches. The other switches mentioned are no longer supported by Cisco.

According to Cisco, the vulnerability has not yet been actively exploited. It was discovered during internal tests. Cisco rates the error with the identifier CVE-2020-3363 in the ten-level Common Vulnerability Scoring System with 8.6 points. In addition, only IPv6 and no IPv4 traffic is affected.

Another hole is in the automation software DNA Center prior to version 1.3.1.4. It may disclose confidential information such as configuration files because authentication tokens are processed incorrectly. An attacker only needs to send a specially designed HTTPS request to the software. The CVSS score of this vulnerability is 7.5 points.

The StarOS software from Cisco, in turn, is susceptible to denial of service due to a faulty IPv6 implementation. Again, an attack can be carried out without entering login data, which gives the security hole a CVSS score of 8.6. The ASR 5000 Series Aggregation Services Router and its Virtualized Packet Core-Singe Instance (VPC-SI), for example, are vulnerable as soon as Vector Packet Processing is active. However, this function is deactivated ex works.

The vulnerability in the AnyConnect client for Windows can only be exploited by authenticated, local attackers. However, they are able to carry out a DLL hijacking attack and inject malicious code with system rights. The gateway here is a specially designed IPC message. The corrected version 4.9.00086 is available for download for AnyConnect. The clients for macOS, Linux, iOS, Android and the Universal Windows Platform are not affected.


Leave a Reply

Your email address will not be published. Required fields are marked *