Telco IT admins on red alert as Cisco flings out patches for security holes in policy toolkit

Cisco has emitted 25 product security advisories – with four critical bugs flattened in its service provider-oriented Cisco Policy Suite.

The suite’s Policy Builder toolkit can be exploited by an unauthenticated remote attacker to gain access to its policy interface, due to an authentication bug (CVE-2018-0376). The switch giant explained that an attacker can use this foothold to edit existing repositories or create new ones.

The next two on the critical list are also open to unauthenticated remote attackers. One, CVE-2018-0377, allows a direct connection to the suite’s Open Systems Gateway Initiative (OSGi) interface; and the other, CVE-2018-0374, drops an attacker through to the Policy Builder Database.

The Policy Suite’s Cluster Manager offers unauthenticated root access via hardcoded credentials (CVE-2018-0375).

Cisco’s SD-WAN got a good going-over, it seems, with seven high-rated bugs patched.

Most prominent among them are command injection vulnerabilities here (an authenticated user can exploit tcpdump), here (an authenticated remote user can attack the CLI), here via the VPN subsystem (again, an authenticated user’s remote attack), and here (attacking the Zero Touch Provisioning subsystem).

There’s a remote code execution bug in the system’s database here, giving an auhenticated remote attacker access to the management user (vmanage). The SD-WAN solution also has a file overwrite vulnerability and a denial-of-service vulnerability.

There’s also a medium-rated RCE in the SD-WAN solution, and a similarly-rated command injection bug and local buffer overflow.

The rest of the advisories – covering Webex, Cisco Finesse, the Cloud Services Platform, the Nexus 9000’s DHCP implementation, UCM instant messaging and presence management, and the Unified Contact Center Express – are in the full list, which can be found right here. Get updating! ®