[German]A brief overview of various vulnerabilities in Cisco products. The Cisco Unified IP Conference Station 7937G is vulnerable. And there are also vulnerabilities in AnyConnect (Windows).
Advertising
Vulnerabilities in Cisco AnyConnect
There are vulnerabilities in the Windows version of Cisco-AnyConnect, which are summarized in the following tweet
My 3 vulns on AnyConnect (Windows) are public! CVE-2020-3433 (high, privesc https://t.co/J6OmZiy3Qx), CVE-2020-3434 (medium, DoS https://t.co/Pz5LQCR5ez) and CVE-2020-3435 (medium, Always-On bypass https://t.co/LoeczkJBY1). Patch it! Full details & exploits soon ;) pic.twitter.com/v5osMcns5f
— Antoine Goichot (@AntoineGoichot) August 5, 2020
- CVE-2020-3433 (high, privesc https://t.co/J6OmZiy3Qx), Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability.A vulnerability in the IPC (Interprocess Communication) channel of the Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at runtime. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would have to have valid logon credentials on the Windows system.
- CVE-2020-3434 (medium, DoS https://t.co/Pz5LQCR5ez), Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability.A vulnerability in the inter-process communication channel (IPC) of the Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to cause a denial of service (DoS) state on an affected device. To exploit this vulnerability, the attacker would have to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the data entered by the user. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process and cause a DoS condition on the device. To exploit this vulnerability, the attacker would have to have valid credentials on the Windows system.
- CVE-2020-3435 A vulnerability in the inter-process communication channel (IPC) of the Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would have to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of data entered by the user. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. Successful exploitation could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker would have to have valid credentials on the Windows system.
Please refer to the linked Cisco support articles for details.
Cisco Unified IP Conference Station 7937G
The Cisco Unified IP Conference Station 7937G has long since fallen out of support. In the following tweet, a security researcher mentions three weaknesses that he has found.
CVE-2020-16139, CVE-2020-16138, CVE-2020-16137 – Cisco 7937G https://t.co/BS9w6mVhHl
— /r/netsec (@_r_netsec) August 10, 2020
Details can be found in the linked article.
Advertising
