Cisco released software updates on Wednesday that address a variety of vulnerabilities in several products.
Affected versions of Cisco Prime Collaboration Assurance software contain a web framework access controls bypass vulnerability, an information disclosure vulnerability, and a session ID privilege escalation vulnerability, a Wednesday advisory indicated.
The web framework access controls bypass vulnerability enables an authenticated, remote attacker to access higher-privileged functions that should only be accessible to users with administrative privileges. The bug allows the attacker to “create an additional administrative user or access information from another domain if the system is used in multiple tenants environment,” the advisory said.
The information disclosure vulnerability enables an authenticated, remote attacker to access information about any device imported into the system database, including devices for other customers or domains. The retrievable information includes SNMP community strings and device administrative credentials, which would allow administrative access to those devices.
The session ID privilege escalation vulnerability enables an authenticated, remote attacker to access information on users logged into the system, including users' session identifiers.
“Using this identifier, an attacker could impersonate any user, including administrative users, for any domain or customer if the system is configured for multiple tenants,” the advisory said. “Using this information, an attacker could perform any privileged functions during the time the session ID is valid.”
The three aforementioned vulnerabilities are the result of improper implementation of authorization and access controls. An attacker – who would need to be logged into the system – could exploit the bugs by sending one or more crafted URLs to the system.
Any product running a vulnerable version of Cisco Prime Collaboration Provisioning software is affected by a web framework access controls bypass vulnerability that can be exploited by an authenticated, remote attacker to access higher-privileged functions, a second Wednesday advisory indicated.
“[The] exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative privileges,” the advisory said. “Because of this vulnerability, an attacker may be able to create an additional administrative user and access or manipulate data.”
Much like the other bugs, this vulnerability is the result of improper implementation of authorization and access controls, and it can be exploited by an attacker – who would need to be logged into the system – by sending a crafted URL to the system.
A third Wednesday advisory explained that vulnerable versions of Cisco TelePresence Server contain a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.
“The vulnerability is likely to result in only a DoS condition due to input sanitization performed on the user-supplied data before it is copied into the affected buffer,” the advisory said. “An attacker could exploit this vulnerability by providing a crafted URL that is designed to trigger the overflow condition.”
In all three advisories, Cisco said that it was not aware of any public announcements or malicious use of the vulnerabilities.