===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0231
        Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting
                       Cisco Products: January 2021
                              20 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Products
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25687 CVE-2020-25686 CVE-2020-25685
                   CVE-2020-25684 CVE-2020-25683 CVE-2020-25682
                   CVE-2020-25681  

Reference:         ESB-2021.0219
                   ESB-2021.0218
                   ESB-2021.0217

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products:
January 2021

Medium
Advisory ID: cisco-sa-dnsmasq-dns-2021-c5mrdf3g
First Published: 2021 January 19 12:15 GMT
Version 1.0: Interim
Workarounds: No workarounds available
Cisco Bug IDs: CSCvv83754
 
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CVE-2020-25687

Summary

  o A set of previously unknown vulnerabilities in the DNS forwarder
    implementation of dnsmasq was disclosed on January 19, 2021. The
    vulnerabilities are collectively known as DNSpooq.

    Exploitation of these vulnerabilities could result in remote code execution
    or denial of service (DoS), or may allow an attacker to more easily forge
    DNS answers that can poison DNS caches, depending on the specific
    vulnerability.

    Multiple Cisco products are affected by these vulnerabilities.

    Cisco will release software updates that address these vulnerabilities. Any
    workarounds for a specific Cisco product or service will be documented in
    the relevant Cisco bugs, which are identified in the Vulnerable Products
    section of this advisory.

    Note: At the time of publication, no Cisco products were found to be
    affected by the remote code execution and DoS vulnerabilities, which are
    identified by the following Common Vulnerabilities and Exposures (CVE) IDs:
   
      * CVE-2020-25681
      * CVE-2020-25682
      * CVE-2020-25683
      * CVE-2020-25687

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g

Affected Products

  o Cisco investigated its product line to determine which products may be
    affected by these vulnerabilities.

    The Vulnerable Products section includes Cisco bug IDs for each affected
    product or service. The bugs are accessible through the Cisco Bug Search
    Tool and contain additional platform-specific information, including
    workarounds (if available) and fixed software releases.

    Any product or service not listed in the Vulnerable Products section of
    this advisory is to be considered not vulnerable.

    Vulnerable Products

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    At the time of this investigation, no Cisco products have been found to be
    affected by the remote code execution and DoS vulnerabilities.

    Multiple Cisco products have been found to be susceptible to DNS cache
    poisoning attacks. The following table lists Cisco products that have been
    found to be susceptible to DNS cache poisoning attacks.

    If a future release date is indicated for software, the date provided
    represents an estimate based on all information known to Cisco as of the
    Last Updated date at the top of the advisory. Availability dates are
    subject to change based on a number of factors, including satisfactory
    testing results and delivery of other priority features and fixes. If no
    version or date is listed for an affected component (indicated by a blank
    field and/or an advisory designation of Interim), Cisco is continuing to
    evaluate the fix and will update the advisory as additional information
    becomes available. After the advisory is marked Final, customers should
    refer to the associated Cisco bug(s) for further details.

    Product                                     Cisco Bug  Fixed Release
                                                ID         Availability

    Network Management and Provisioning

    Cisco Aironet 1560 Series Access Points     CSCvv83754 8.10MR5 (Feb 2021)
                                                           8.5MR7 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Aironet 1810 Series OfficeExtend      CSCvv83754 8.10MR5 (Feb 2021)
      Access Points                                        8.5MR7 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Aironet 1810w Series Access Points    CSCvv83754 8.10MR5 (Feb 2021)
                                                           8.5MR7 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Aironet 1815 Series Access Points     CSCvv83754 8.10MR5 (Feb 2021)
                                                           8.5MR7 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Aironet 1830 Series Access Points     CSCvv83754 8.10MR5 (Feb 2021)
                                                           8.5MR7 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Aironet 1850 Series Access Points     CSCvv83754 8.10MR5 (Feb 2021)
                                                           8.5MR7 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Aironet 2800 Series Access Points     CSCvv83754 8.10MR5 (Feb 2021)
                                                           8.5MR7 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Aironet 3800 Series Access Points     CSCvv83754 8.10MR5 (Feb 2021)
                                                           8.5MR7 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Aironet 4800 Access Points            CSCvv83754 8.10MR5 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Business 100 Series Access Points     CSCvv83754 10.4.1.0 (Feb 2021)
    Cisco Business 200 Series Access Points     CSCvv83754 10.4.1.0 (Feb 2021)
    Cisco Catalyst 9100 Access Points           CSCvv83754 8.10MR5 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Catalyst IW 6300 Access Points        CSCvv83754 8.10MR5 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco ESW6300 Series Access Points          CSCvv83754 8.10MR5 (Feb 2021)
                                                           16.12.5 (Feb 2021)
                                                           17.3.3 (Feb 2021)
                                                           17.5.1 (Mar 2021)
    Cisco Policy Suite                          CSCvv83241 21.1.0 (Jan 2021)

    Routing and Switching - Enterprise and Service Provider

    Cisco 1000 Series Connected Grid Routers    CSCvv84554
      (CGR1000 compute module)
    Cisco IR800 Integrated Services Router      CSCvv84553
      (Guest OS)
    Cisco Wireless Gateway for LoRaWAN          CSCvw00914 2.1.0.3 (Mar 2021)

    Meraki Products

    Cisco Meraki MR (all models)                N/A        MR 27 firmware 27.5.1 or later
    Cisco Meraki MS (all models)                N/A        MS 12 firmware 12.28 or later
                                                           MS 14 firmware 14.11 or later
    Cisco Meraki MV (all models)                N/A        MV 4 firmware 4.8 or later
    Cisco Meraki MX (all models)                N/A        MX 14 firmware 14.53 or later
                                                           MX 15 firmware 15.41 or later
    Cisco Meraki Z-Series (all models)          N/A        Firmware 14.53 or later
                                                           Firmware 15.41 or later

    Routing and Switching - Small Business

    Cisco RV042 Dual WAN VPN Router             CSCvv83789 None planned
    Cisco RV042G Dual Gigabit WAN VPN Router    CSCvv83789 None planned
    Cisco RV160x VPN Router                     CSCvv83787
    Cisco RV260x VPN Router                     CSCvv83788
    Cisco RV340W Dual WAN Gigabit Wireless-AC   CSCvv83239
      VPN Router
    Cisco Small Business RV Series RV110W       CSCvv83235 None planned
      Wireless-N VPN Firewall
    Cisco Small Business RV Series RV215W       CSCvv83237 None planned
      Wireless-N VPN Router
    Cisco Small Business RV Series RV320 Dual   CSCvv83238
      Gigabit WAN VPN Router
    Cisco Small Business RV Series RV325 Dual   CSCvv83816 None planned
      WAN VPN Router
    Cisco Small Business RV130 Series VPN       CSCvv83791 None planned
      Routers
    Cisco Small Business RV130 VPN Router       CSCvv83236 None planned

    Unified Computing

    Cisco Enterprise NFV Infrastructure         CSCvw00975
      Software (NFVIS)

    Voice and Unified Communications Devices

    Cisco IP Conference Phone 7832              CSCvv83246
    Cisco IP Conference Phone 8832              CSCvv83250
    Cisco IP Phone 6800 Series with             CSCvv83248
      Multiplatform Firmware
    Cisco IP Phone 6821 with Multiplatform      CSCvw00982
      Firmware
    Cisco IP Phone 7800 Series with             CSCvv83243
      Multiplatform Firmware
    Cisco IP Phone 7800 Series                  CSCvv83249
    Cisco IP Phone 8800 Series with             CSCvv83242
      Multiplatform Firmware
    Cisco IP Phone 8865                         CSCvv83245 Release no. TBD (Mar 2021)
    Cisco SPA112 2-Port Phone Adapter           CSCvv83234 None planned
    Cisco SPA122 Analog Telephone Adapter (ATA) CSCvv83234 None planned
      with Router
    Cisco SPA232D Multi-Line DECT Analog        CSCvv83234 None planned
      Telephone Adapter (ATA)
    Cisco Unified IP Phone 9951                 CSCvv83247 None planned
    Cisco Unified IP Phone 9971                 CSCvv83247 None planned
    Cisco Wireless IP Phone 8821                CSCvw00918

    Video, Streaming, TelePresence, and Transcoding Devices

    Cisco Expressway Series                     CSCvv83227 X12.7.1 (Feb 2021)
    Cisco TelePresence Video Communication      CSCvv83227 X12.7.1 (Feb 2021)
      Server (VCS)

    Cisco Cloud Hosted Services

    Cisco IP Phone 6800 Series                  CSCvw01205
    Cisco Spark Calling                         CSCvw00907 X12.7.1 (Feb 2021)
    Cisco Webex Teams (formerly Cisco Spark)    CSCvv83214 None planned
    Webex Room Phone                            CSCvv87082

    Products Under Investigation

    Routing and Switching - Enterprise and Service Provider

      * Cisco IOS XE Software

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

    Cisco products that do not offer DNS server capabilities are not affected
    by these vulnerabilities.

    At the time of publication, no Cisco products were found to be affected by
    the vulnerabilities identified by the following Common Vulnerabilities and
    Exposures (CVE) IDs:
   
      * CVE-2020-25681
      * CVE-2020-25682
      * CVE-2020-25683
      * CVE-2020-25687

Details

  o Remote Code Execution and Denial of Service Vulnerabilities

    Multiple vulnerabilities in the DNSSEC implementation of dnsmasq could
    allow an unauthenticated, remote attacker to execute arbitrary code or
    cause a denial of service (DoS) condition on an affected device.

    The vulnerabilities are due to improper memory management when the affected
    software processes DNS packets with DNSSEC data. An attacker could exploit
    these vulnerabilities by sending malicious DNS packets to be processed by
    the affected device.

    When these packets are processed, an exploitable overflow condition may
    occur. A successful exploit could allow the attacker to execute arbitrary
    code with the privileges of the underlying dnsmasq software or cause a DoS
    condition on the affected device.

    These vulnerabilities affect dnsmasq installations that match all of the
    following criteria:

      * Include a vulnerable release of dnsmasq
      * Capable of acting as a DNS server
      * Capable of validating DNSSEC data

    These vulnerabilities have been assigned the following CVE IDs:
   
      * CVE-2020-25681
      * CVE-2020-25682
      * CVE-2020-25683
      * CVE-2020-25687

    At the time of this investigation, no Cisco products have been found to be
    affected by these vulnerabilities.

    DNS Cache Poisoning Attacks

    Multiple weaknesses in the DNS server functionality of dnsmasq could allow
    an unauthenticated, remote attacker to more easily forge DNS answers that
    can poison DNS caches.

    Each weakness results in dnsmasq accepting DNS answers based on checks that
    are performed on an amount of entropy that is lower than what is mandated
    by RFC 5452. The combination of these weaknesses would allow an attacker to
    mount a successful DNS cache poisoning attack with low traffic
    requirements.

    These weaknesses affect dnsmasq installations that match all of the
    following criteria:

      * Include a vulnerable release of dnsmasq
      * Capable of acting as a DNS server
      * Capable of caching DNS responses

    These weaknesses have been assigned the following CVE IDs:

      * CVE-2020-25684
      * CVE-2020-25685
      * CVE-2020-25686

    Multiple Cisco products have been found to be susceptible to DNS cache
    poisoning attacks.
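
    The response checks that RFC 5452 expects of a resolver, together with a
    counter for answers that fail them, as an added example that is not part
    of the Cisco advisory or of dnsmasq. The class and field names, the
    threshold and window, and the sample traffic are constructed for
    illustration; the upstream server is assumed to answer from port 53.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Query:                 # what the forwarder sent upstream
    txid: int                # 16-bit DNS ID
    src_port: int            # UDP source port used for this query
    upstream: str            # address the query was sent to (port 53 assumed)
    qname: str
    qtype: str


@dataclass(frozen=True)
class Response:              # what arrived back
    txid: int
    dst_port: int
    src_addr: str
    src_port: int
    qname: str
    qtype: str


def norm(name: str) -> str:
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.rstrip(".").lower()


def mismatch(q: Query, r: Response) -> Optional[str]:
    """Return None only if r passes every check for q, else the failed check."""
    if norm(r.qname) != norm(q.qname) or r.qtype != q.qtype:
        return "question"
    if r.txid != q.txid:
        return "txid"
    if r.dst_port != q.src_port:
        return "port"
    if (r.src_addr, r.src_port) != (q.upstream, 53):
        return "source"
    return None


class SpoofMonitor:
    """Counts rejected responses per name inside a sliding time window."""

    def __init__(self, threshold: int = 5, window: float = 10.0):
        self.threshold, self.window = threshold, window
        self.pending = []                    # outstanding queries
        self.rejects = defaultdict(deque)    # name -> times of rejected answers

    def sent(self, q: Query) -> None:
        self.pending.append(q)

    def received(self, ts: float, r: Response) -> str:
        for q in self.pending:
            if mismatch(q, r) is None:
                self.pending.remove(q)
                return "accept"
        hits = self.rejects[norm(r.qname)]
        hits.append(ts)
        while ts - hits[0] > self.window:    # expire old rejections
            hits.popleft()
        return "alert" if len(hits) >= self.threshold else "drop"


def demo() -> list:
    # Constructed traffic: one real query, six forged answers, one real answer.
    mon = SpoofMonitor()
    mon.sent(Query(0x1A2B, 40001, "192.0.2.53", "www.example.com", "A"))
    forged = [Response(i, 40001, "192.0.2.53", 53, "www.example.com.", "A")
              for i in range(6)]
    verdicts = [mon.received(0.1 * i, r) for i, r in enumerate(forged)]
    real = Response(0x1A2B, 40001, "192.0.2.53", 53, "WWW.example.com", "A")
    return verdicts + [mon.received(0.6, real)]
```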

Workarounds

  o Any workarounds for a specific Cisco product or service will be documented
    in the relevant Cisco bugs, which are identified in the Vulnerable Products
    section of this advisory.

Fixed Software

  o For information about fixed software releases, consult the Cisco bugs
    identified in the Vulnerable Products section of this advisory. 

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is aware that
    proof-of-concept exploit code is available for the vulnerabilities that are
    described in this advisory.

    Cisco PSIRT is not aware of any malicious use of the vulnerabilities that
    are described in this advisory.

Source

  o Cisco would like to thank Moshe Kol and Shlomi Oberman of JSOF for
    reporting these vulnerabilities, which were investigated and disclosed
    under the coordination of CERT/CC.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g

Revision History

  o 
    +----------+----------------------------+----------+----------+---------------+
    | Version  |        Description         | Section  |  Status  |     Date      |
    +----------+----------------------------+----------+----------+---------------+
    | 1.0      | Initial public release.    | --       | Interim  | 2021-JAN-19   |
    +----------+----------------------------+----------+----------+---------------+

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================