{"id":15299,"date":"2020-08-11T06:02:01","date_gmt":"2020-08-11T04:02:01","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15299"},"modified":"2021-10-29T10:00:47","modified_gmt":"2021-10-29T08:00:47","slug":"sicherheit-schwachstellen-in-cisco-produkten","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/08\/11\/sicherheit-schwachstellen-in-cisco-produkten\/","title":{"rendered":"Security: Vulnerabilities in Cisco products"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/08\/11\/sicherheit-schwachstellen-in-cisco-produkten\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]A brief overview of various vulnerabilities in Cisco products. The Cisco Unified IP Conference Station 7937G is vulnerable. And there are also vulnerabilities in AnyConnect (Windows).<\/p>\n<p><!--more--><\/p>\n<h2>Vulnerabilities in Cisco AnyConnect <\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg05.met.vgwort.de\/na\/202e067851d0426386ac1e07a5979b85\" width=\"1\" height=\"1\">There are vulnerabilities in the Windows version of Cisco-AnyConnect, which are summarized in the following tweet<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">My 3 vulns on AnyConnect (Windows) are public! CVE-2020-3433 (high, privesc <a href=\"https:\/\/t.co\/J6OmZiy3Qx\">https:\/\/t.co\/J6OmZiy3Qx<\/a>), CVE-2020-3434 (medium, DoS <a href=\"https:\/\/t.co\/Pz5LQCR5ez\">https:\/\/t.co\/Pz5LQCR5ez<\/a>) and CVE-2020-3435 (medium, Always-On bypass <a href=\"https:\/\/t.co\/LoeczkJBY1\">https:\/\/t.co\/LoeczkJBY1<\/a>). Patch it! Full details &amp; exploits soon ;) <a href=\"https:\/\/t.co\/v5osMcns5f\">pic.twitter.com\/v5osMcns5f<\/a><\/p>\n<p>\u2014 Antoine Goichot (@AntoineGoichot) <a href=\"https:\/\/twitter.com\/AntoineGoichot\/status\/1291043613506494465?ref_src=twsrc%5Etfw\">August 5, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<ul>\n<li>CVE-2020-3433 (high, privesc <a href=\"https:\/\/t.co\/J6OmZiy3Qx\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/t.co\/J6OmZiy3Qx<\/a>), Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability.A vulnerability in the IPC (Interprocess Communication) channel of the Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at runtime. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would have to have valid logon credentials on the Windows system.&nbsp;\n<li>CVE-2020-3434 (medium, DoS <a href=\"https:\/\/t.co\/Pz5LQCR5ez\">https:\/\/t.co\/Pz5LQCR5ez<\/a>), Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability.A vulnerability in the inter-process communication channel (IPC) of the Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to cause a denial of service (DoS) state on an affected device. To exploit this vulnerability, the attacker would have to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the data entered by the user. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process and cause a DoS condition on the device. To exploit this vulnerability, the attacker would have to have valid credentials on the Windows system.\n<li>CVE-2020-3435 A vulnerability in the inter-process communication channel (IPC) of the Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would have to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of data entered by the user. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. Successful exploitation could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker would have to have valid credentials on the Windows system.<\/li>\n<\/ul>\n<p>Please refer to the linked Cisco support articles for details.<\/p>\n<h2>Cisco Unified IP Conference Station 7937G<\/h2>\n<p>The Cisco Unified IP Conference Station 7937G has long since fallen out of support. In the following tweet, a security researcher mentions three weaknesses that he has found. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"sl\" dir=\"ltr\">CVE-2020-16139, CVE-2020-16138, CVE-2020-16137 &#8211; Cisco 7937G <a href=\"https:\/\/t.co\/BS9w6mVhHl\">https:\/\/t.co\/BS9w6mVhHl<\/a><\/p>\n<p>\u2014 \/r\/netsec (@_r_netsec) <a href=\"https:\/\/twitter.com\/_r_netsec\/status\/1292852734970834944?ref_src=twsrc%5Etfw\">August 10, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>Details can be found in the <a href=\"https:\/\/web.archive.org\/web\/20210321065623\/https:\/\/www.blacklanternsecurity.com\/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G\/\" target=\"_blank\" rel=\"noopener noreferrer\">linked article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A brief overview of various vulnerabilities in Cisco products. The Cisco Unified IP Conference Station 7937G is vulnerable. And there are also vulnerabilities in AnyConnect (Windows).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[1354,69],"class_list":["post-15299","post","type-post","status-publish","format-standard","hentry","category-security","tag-cisco","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15299"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15299\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}