Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0388
Cisco IOS XR Software Vulnerabilities
4 February 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco IOS XR Software
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Denial of Service -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1313 CVE-2021-1288 CVE-2021-1268
CVE-2021-1243 CVE-2021-1128
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt
Comment: This bulletin contains four (4) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco IOS XR Software Enf Broker Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-iosxr-dos-WwDdghs2
First Published: 2021 February 3 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCuy67256 CSCuz39742
CVE Names: CVE-2021-1288 CVE-2021-1313
CWEs: CWE-399
Summary
o Multiple vulnerabilities in the ingress packet processing function of Cisco
IOS XR Software could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition on an affected device.
For more information about these vulnerabilities, see the Details section
of this advisory.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2
Affected Products
o Vulnerable Products
These vulnerabilities affect Cisco devices if they are running an affected
release of Cisco IOS XR Software.
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.
Cisco has confirmed that these vulnerabilities do not affect the following
Cisco products:
IOS Software
IOS XE Software
NX-OS Software
Details
o The vulnerabilities are not dependent on one another. Exploitation of one
of the vulnerabilities is not required to exploit the other vulnerability.
In addition, a software release that is affected by one of the
vulnerabilities may not be affected by the other vulnerability.
Details about the vulnerabilities are as follows.
CVE-2021-1288: Cisco IOS XR Software Enf Broker Denial of Service
Vulnerability
A vulnerability in the ingress packet processing function of Cisco IOS XR
Software could allow an unauthenticated, remote attacker to cause a DoS
condition on an affected device.
The vulnerability is due to a logic error that occurs when an affected
device processes Telnet protocol packets. An attacker could exploit this
vulnerability by sending specific streams of packets to the affected
device. A successful exploit could allow the attacker to cause the
enf_broker process to crash, which could lead to system instability and the
inability to process or forward traffic through the affected device.
This vulnerability can be exploited using specific, crafted streams of
packets over either IPv4 or IPv6.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCuz39742
CVE ID: CVE-2021-1288
Security Impact Rating (SIR): High
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2021-1313: Cisco IOS XR Software Enf Broker Denial of Service
Vulnerability
A vulnerability in the ingress packet processing function of Cisco IOS XR
Software could allow an unauthenticated, remote attacker to cause a DoS
condition on an affected device.
The vulnerability is due to improper resource allocation when an affected
device processes either ICMP or Telnet protocol packets. An attacker could
exploit this vulnerability by sending specific streams of packets to the
affected device. A successful exploit could allow the attacker to cause the
enf_broker process to leak system memory. Over time, this memory leak could
cause the enf_broker process to crash, which could lead to system
instability and the inability to process or forward traffic through the
affected device.
This vulnerability can be exploited using specific, crafted streams of
packets over either IPv4 or IPv6.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCuy67256
CVE ID: CVE-2021-1313
Security Impact Rating (SIR): High
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Indicators of Compromise
o Exploitation of either of these vulnerabilities can result in a crash of
the enf_broker process on an affected device. When a device has experienced
a crash of the enf_broker process, the following messages may be seen in
the system logs:
%OS-SYSMGR-3-ERROR : enf_broker(1) (jid 209) exited, will be respawned with
a delay (slow-restart)
%OS-SYSMGR-3-ERROR : enf_broker(209) (fail count 28597) will be respawned
in 120 seconds
%OS-DUMPER-7-DUMP_REQUEST : Dump request for process pkg/bin/
enf_broker%OS-DUMPER-7-DUMP_ATTRIBUTE : Dump request with attribute 200 for
process pkg/bin/enf_broker
These error messages indicate that the enf_broker process has crashed.
However, the process may have crashed for a reason other than the
exploitation of one of these vulnerabilities. Customers are advised to
contact their support organization to review the error messages and
determine whether the device has been compromised by an exploitation of one
of these vulnerabilities.
Workarounds
o There are no workarounds for these vulnerabilities. However, multiple
mitigations are available.
As a mitigation for CVE-2021-1288, customers can disable the Telnet
protocol for incoming connections. Information on how to disable Telnet can
be found in the Cisco Guide to Harden Cisco IOS XR Devices.
Because CVE-2021-1313 can be exploited when processing a stream of either
Telnet or ICMP protocol packets, the following steps for mitigation should
be implemented together to ensure protection against the two attack
vectors:
Disable the Telnet protocol for incoming connections.
Implement an access control entry (ACE) to an existing interface ACL or
create a new ACL that denies ICMP traffic that is inbound to a specific
interface. The following input is an example of how to create an IPv4
ACL and deny ICMP traffic:
P/0/0/CPU0:router(config)# ipv4 access-list <acl_name> deny icmp any any
For information on how to perform both of these mitigations, see the Cisco
Guide to Harden Cisco IOS XR Devices .
While these mitigations have been deployed and were proven successful in a
test environment, customers should determine the applicability and
effectiveness on their own environment and under their own use conditions.
Customers should be aware that any workaround or mitigation that is
implemented may negatively impact the functionality or performance of their
network, based on intrinsic customer deployment scenarios and limitations.
Customers should not deploy any workarounds or mitigations before first
evaluating their applicability to their own environment and any impact to
such environment.
Fixed Software
o Cisco has released free software updates that address the vulnerabilities
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades , customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page , to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release
as indicated in the following table(s):
Cisco IOS XR First Fixed First Fixed First Fixed Release for All
Software Release for Release for Vulnerabilities Described in This
Release CVE-2021-1288 CVE-2021-1313 Advisory
(CSCuz39742) (CSCuy67256)
Migrate to a 5.2.47 ^1
5.0 fixed 5.3.4 None. Apply SMU.
release.
6.0 6.0.2 Not 6.0.2
vulnerable.
7.0 and later Not Not Not vulnerable.
vulnerable. vulnerable.
^ 1 Cisco IOS XR Software Release 5.2.47 addresses CVE-2021-1313 on Cisco
Network Convergence System 4000 Series. For all other affected platforms
that are running Cisco IOS XR, Cisco has fixed CVE-2021-1313 on Cisco IOS
XR 5.3.4 software release and later.
Cisco has released SMUs that address these vulnerabilities. The following
tables provide the SMU name for each release based on platform. Although
names of the SMUs include CSCuy67256 only, the SMUs contain the fixes for
both CSCuz39742 and CSCuy67256.
Cisco IOS XR Software Release Platform SMU Name
5.1.3 ASR9K-PX asr9k-px-5.1.3.CSCuy67256
5.3.2 ASR9K-PX asr9k-px-5.3.2.CSCuy67256
5.3.3 ASR9K-PX asr9k-px-5.3.3.CSCuy67256
CRS-PX hfr-px-5.3.3.CSCuy67256
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.
Source
o CVE-2021-1288: Cisco would like to thank the U.S. National Security Agency
(NSA) for reporting this vulnerability.
CVE-2021-1313: This vulnerability was found during the resolution of a
Cisco TAC support case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy . This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-FEB-03 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------------------------------------------------------------
Subject: New Cisco bulletin: Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability
From: cisco-bulletins@auscert.org.au
Date: Wed, 3 Feb 2021 19:52:04 +0000 (UTC)
To: auto-bulletins@auscert.org.au
TITLE: Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K
Found CVEs: CVE-2021-1268
CVE-2021-1268
No information found.
=== ESB ===vVv=== SCRAPED BULLETIN BODY ===vVv=== ESB ===
Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-xripv6-spJem78K
First Published: 2021 February 3 16:00 GMT
Version 1.0: Final
Workarounds: Yes
Cisco Bug IDs: CSCvv45504
CVE Names: CVE-2021-1268
CWEs: CWE-1076
Summary
o A vulnerability in the IPv6 protocol handling of the management interfaces
of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker
to cause an IPv6 flood on the management interface network of an affected
device.
The vulnerability exists because the software incorrectly forwards IPv6
packets that have an IPv6 node-local multicast group address destination
and are received on the management interfaces. An attacker could exploit
this vulnerability by connecting to the same network as the management
interfaces and injecting IPv6 packets that have an IPv6 node-local
multicast group address destination. A successful exploit could allow the
attacker to cause an IPv6 flood on the corresponding network. Depending on
the number of Cisco IOS XR Software nodes on that network segment,
exploitation could cause excessive network traffic, resulting in network
degradation or a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. There
are workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K
Affected Products
o Vulnerable Products
This vulnerability affects Cisco devices if they are running a vulnerable
release of Cisco IOS XR Software and the management interface is configured
with both of the following:
An IPv6 address
The default IPv6 static route with next-hop on the management interface
segment
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Details
o If this vulnerability is exploited, the number of packets that are
forwarded to the network is dependent on the number of Cisco IOS XR
Software management interfaces that are connected to the network segment.
The more Cisco IOS XR devices that have management interfaces and are
connected to the same Layer 2 domain, the more packets that are forwarded
on the Layer 2 segment. An excessive number of forwarded packets could
result in network degradation and possibly cause a denial of service (DoS)
condition on the network.
Workarounds
o Removing the default IPv6 static route and adding a prefix-specific route
would mitigate this vulnerability. For example, removing the default IPv6
static route and adding an IPv6 static route of 2000::/3 <next hop> would
mitigate this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades , customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page , to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Cisco fixed this vulnerability in Cisco IOS XR Software releases 6.7.3,
7.1.3, 7.2.2, and 7.3.1.
Cisco has released software maintenance upgrades (SMUs) to address this
vulnerability. Customers who require SMUs for other platforms and releases
are advised to contact their support organization.
Cisco IOS XR Software Release Platform SMU Name
6.3.1 NCS1K ncs1k-6.3.1.CSCvv45504
NCS1001 ncs1001-6.3.1.CSCvv45504
6.5.2 NCS1K ncs1k-6.5.2.CSCvv45504
NCS1001 ncs1001-6.5.2.CSCvv45504
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy . This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-FEB-03 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------------------------------------------------------------
Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability
Priority: Medium
Advisory ID: cisco-sa-snmp-7MKrW7Nq
First Published: 2021 February 3 16:00 GMT
Version 1.0: Final
Workarounds: Yes
Cisco Bug IDs: CSCvt93184
CVE Names: CVE-2021-1243
CWEs: CWE-284
Summary
o A vulnerability in the Local Packet Transport Services (LPTS) programming
of the SNMP with the management plane protection feature of Cisco IOS XR
Software could allow an unauthenticated, remote attacker to allow
connections despite the management plane protection that is configured to
deny access to the SNMP server of an affected device.
This vulnerability is due to incorrect LPTS programming when using SNMP
with management plane protection. An attacker could exploit this
vulnerability by connecting to an affected device using SNMP. A successful
exploit could allow the attacker to connect to the device on the configured
SNMP ports. Valid credentials are required to execute any of the SNMP
requests.
Cisco has released software updates that address this vulnerability. There
are workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco IOS XR
Software releases later than Release 6.1.1 and earlier than releases 6.6.4,
6.7.2, 7.0.2, 7.0.12, 7.1.1, and 7.2.1.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
A device is vulnerable if it is configured with either SNMPv2 or SNMPv3, if
it is using management plane protection with the Out-of-Band Management
Interface, and if a VRF is configured, as shown in the following example:
RP/0/RSP1/CPU0:IOS-XR#show running-config control-plane
<snip>
control-plane
management-plane
out-of-band
vrf MGMT
interface MgmtEth0/RSP0/CPU0/0
allow SNMP peer
address ipv4 X1.X2.X3.X4
address ipv4 R1.R2.R3.R4
address ipv4 S1.S2.S3.S4
address ipv4 V1.V2.V3.V4
!
!
interface MgmtEth0/RSP1/CPU0/0
!
allow SNMP peer
address ipv4 X1.X2.X3.X4
address ipv4 R1.R2.R3.R4
address ipv4 S1.S2.S3.S4
address ipv4 V1.V2.V3.V4
!
Note: No other management protocols that are supported by the management
plane protection feature are affected.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Details
o If the management plane protection for SNMP is configured before SNMP is
configured on the device or if the SNMP process restarts, the LPTS bindings
will no longer reflect the management plane protection configuration for
SNMP. Access would then be permitted, as shown in the following example:
RP/0/RSP1/CPU0:IOS-XR#show lpts bindings brief | include Mg0
Tue Feb 2 20:53:03.606 UTC
0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP0/CPU0/0 any,161 any
0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP1/CPU0/0 any,161 any
0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP0/CPU0/0 any,162 any
0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP0/CPU0/0 any,162 any
0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP0/CPU0/0 any,161 any
0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP1/CPU0/0 any,161 any
RP/0/RSP1/CPU0:IOS-XR#
Workarounds
o A temporary workaround is to remove and reapply the SNMP management plane
protection configuration. Doing this will ensure that SNMP is configured
first and the LPTS entries are correctly programmed. However, if the SNMP
process restarts, the vulnerable LPTS entry state would reappear.
Alternatively, apply an access control list (ACL) directly to the SNMP
configuration, as shown in the following example:
RP/0/RSP1/CPU0:IOS-XR#conf t
RP/0/RSP1/CPU0:IOS-XR(config)#
RP/0/RSP1/CPU0:IOS-XR(config)#ipv4 access-list allow_snmp permit udp host A.B.C.D any eq 161
RP/0/RSP1/CPU0:IOS-XR(config)#ipv4 access-list allow_snmp permit udp host A.B.C.D any eq 162
RP/0/RSP1/CPU0:IOS-XR(config)#snmp-server community example RO allow_snmp
RP/0/RSP1/CPU0:IOS-XR(config)#commit
RP/0/RSP1/CPU0:IOS-XR(config)#
RP/0/RSP1/CPU0:IOS-XR#
Fixed Software
o When considering software upgrades , customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page , to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, Cisco IOS XR Software releases 6.6.4, 6.7.2,
7.0.2, 7.0.12, 7.1.1, and 7.2.1 and later contained the fix for this
vulnerability.
Note: Changes that are made by Cisco bug ID CSCvr95904 prevent this
vulnerability from being exploited. As a result, the first fixed data is a
combination of the first fix from both CSCvr95904 and CSCvt93184.
Cisco has also released software maintenance upgrades (SMUs) that address
this vulnerability for the following Cisco IOS XR Software releases and
platforms:
Cisco IOS XR Software Release Platform SMU Name
6.4.2 ASR9K-PX asr9k-px-6.4.2.CSCvt93184
CRS-PX hfr-px-6.4.2.CSCvt93184
6.6.3 NCS5500 ncs5500-6.6.3.CSCvt93184
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy . This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-FEB-03 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------------------------------------------------------------
Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability
Priority: Medium
Advisory ID: cisco-sa-ios-infodisc-4mtm9Gyt
First Published: 2021 February 3 16:00 GMT
Version 1.0: Final
Workarounds: Yes
Cisco Bug IDs: CSCvt41022
CVE Names: CVE-2021-1128
CWEs: CWE-201
Summary
o A vulnerability in the CLI parser of Cisco IOS XR Software could allow an
authenticated, local attacker to view more information than their
privileges allow.
The vulnerability is due to insufficient application of restrictions during
the execution of a specific command. An attacker could exploit this
vulnerability by using a specific command at the command line. A successful
exploit could allow the attacker to obtain sensitive information within the
configuration that otherwise might not have been accessible beyond the
privileges of the invoking user.
Cisco has released software updates that address this vulnerability. There
are workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco IOS XR
Software releases earlier than 7.1.2, 7.2.1, and 7.3.1.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Workarounds
o There is a workaround that addresses this vulnerability.
Administrators can configure the following to limit the information that is
displayed to the unprivileged user:
aaa authorization exec default local
Fixed Software
o When considering software upgrades , customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page , to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, Cisco IOS XR Software releases 6.7.2, 7.1.2,
7.2.1, and later contained the fix for this vulnerability.
Cisco has not released Software Maintenance Upgrades (SMUs) that address
this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy . This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-FEB-03 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYBtY0eNLKJtyKPYoAQhi/w/+PgRJxs6ExU8grXYvoog3OKBareFdF9t7
GqbKeG4caejVtq0R8pFMqgFbOFYRliVVRaa2s02IdTMwLwV72Y0dtSpaNoAe/48d
0oIOwxcZ89Op0hQtedxqtccAPYcVOdTWYRIXW+TuGMUgTz5lxqH5igwivloJa62L
7lZ5xodHPtUywMTC2gRPPXzQS24N++3zI8CW6F2AZuouFreARyYn9qdEaqr11jVJ
n4el//JSi5PRPIRjFS7ob7UXEUbphKeW/XpY5MG5EPz11wUue9G84znv+D2IAOoO
XLeh6HZ16FEy3LKz6FkrzQz3ZGkVO+Zcwpwx9s1gFuspdZsVu/zsgCbz3J9ojmNK
sYXE8IODyyMBzO9JyWVa3oVmzsgEKPpE8LVLCPeEasGsF+1WY+V5YAZrk3j4iQSZ
GImoVgjfl169ljsOy+YxxWW4iSZ/uLlxb2Bx3TU1c8CtAhBBpLl1t/4SDo3ixlg9
bw0eW6inIDutTtpTHuiq9xIAk8hdoHCKmVqKFrIpdxnprjm8IpxQsSht0h2KLQxd
fBHCQBlflfieLrcJApX+nGmeMRguR39KZbbwNcFWIC43w+z2jVnsHanCdmiGpE+B
OFUs5qV17lv4YIohuYcrp/6yLtPaRm+cLQD2ObPer8llRRkHDU2Oxb3MgZiTqDK5
pDpUj7Xtv5E=
=U0Y/
-----END PGP SIGNATURE-----