Cisco coughs up baker's dozen of vulns and other security nasties
Get patching – except for the ones where you, er, can't
Cisco's six-monthly security update contains a baker's dozen of vulns and flaws in its IOS and IOS XE suites – including a backdoor that "could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device".
The flaw in the Cisco IOS ROM Monitor (ROMMON) package for its Catalyst 6800 series switches boils down to a "hidden command in the affected software", according to Cisco itself. By starting a console session on the affected device, an attacker could force it into ROMMON mode and write to a specific memory address on the device.
The bug was found during internal security testing, Cisco said.
If you are running Catalyst 6800 series Supervisor Engine 6T, Catalyst 6840-X series fixed backbone switches or Catalyst 6880-X series Extensible Fixed Aggregation Switches, now is a very good time to check Cisco's website for patches.
It was not immediately clear whether or not the company has released any patches for this, with the page on its website merely referring readers to a login-protected page.
As for the other clutch of vulns, almost all the problems confessed to by Cisco are based on malformed packets being sent to devices running IOS and IOS XE, triggering denial-of-service conditions or device resets.
One, however, affecting the Cisco Discovery Protocol module in IOS XE 16.6.1 and 16.6.2 "could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition".
A successful exploit, caused by sending "certain CDP packets to an affected device", could cause a cancer-style unstoppable consumption of all available memory, leading to a memory allocation failure and a crash/reboot scenario.
Thankfully, a patch is available for CSCvf50648, as Cisco catchily numbered this particular nasty.
The full list is available here. ®