Cisco IOS and IOS XE Multiple Vulnerabilities

Multiple vulnerabilities, including authorization bypass, denial of service (DoS), arbitrary code execution and other critical issues, were observed in various Cisco IOS and IOS XE devices in September 2020. Cisco published a collated report of all 34 vulnerabilities as a single advisory, ERP-74268.

In its semi-annual report, published on Sept 24, 2020, Cisco released a bundle of advisories addressing multiple Cisco IOS and IOS XE vulnerabilities, which range from High to Critical in severity.

The CVEs and their corresponding vulnerabilities/products are listed under Affected Products/Devices below.

Affected Products/Devices:

No. CVE IDs Affected Products/Devices
1 CVE-2020-3511 Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability
2 CVE-2020-3409 Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability
3 CVE-2020-3512 Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability
4 CVE-2020-3408 Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
5 CVE-2020-3426 Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability
6 CVE-2020-3417 Cisco IOS XE Software Arbitrary Code Execution Vulnerability
7 CVE-2020-3526 Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability
8 CVE-2020-3465 Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability
9 CVE-2020-3510 Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability
10 CVE-2020-3492 Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability
11 CVE-2020-3359 Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability
12 CVE-2020-3414 Cisco IOS XE Software for Cisco 4461 Integrated Services Routers Denial of Service Vulnerability
13 CVE-2020-3508 Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability
14 CVE-2020-3416, CVE-2020-3513 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities
15 CVE-2020-3509 Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Denial of Service Vulnerability
16 CVE-2020-3422 Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability
17 CVE-2020-3141, CVE-2020-3425 Cisco IOS XE Software Privilege Escalation Vulnerabilities
18 CVE-2020-3407 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability
19 CVE-2020-3400 Cisco IOS XE Software Web UI Authorization Bypass Vulnerability
20 CVE-2020-3421, CVE-2020-3480 Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities
21 CVE-2020-3486, CVE-2020-3487, CVE-2020-3488, CVE-2020-3489, CVE-2020-3493, CVE-2020-3494, CVE-2020-3497 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities
22 CVE-2020-3399 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
23 CVE-2020-3390 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability
24 CVE-2020-3428 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability
25 CVE-2020-3429 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WPA Denial of Service Vulnerability

Advisory

Cisco Event Response: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled

Mitigations

To determine whether a given Cisco IOS or IOS XE Software release is vulnerable, Cisco recommends using the Cisco Software Checker. To mitigate the risk, Cisco advises updating the affected products/devices with the latest patches.

Workaround/Mitigation Detection

Qualys Policy Compliance customers can evaluate the workarounds using the following Controls:

Qualys Detection

Qualys customers can scan their network with QIDs 316712, 316713, 316714, 316715 and 316716 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74268
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-profinet-J9QMCHPB
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-umbrella-dos-t2QMUX37
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mdns-dos-3tH6cA9J
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISR4461-gKKUROhx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcp-dos-JSCKX43h
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-jw2DJmSv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-auth-bypass-6j2BYUc7
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wpa-dos-cXshjerc