Cisco Security Vulnerabilities & Advisories – Sept 18

Cisco have released a number of security advisories on 5th September regarding current product vulnerabilities, with impact ratings ranging from critical to medium. The advisories, as well as any information about affected products can be found at the following link:

https://tools.cisco.com/security/center/publicationListing.x

Cisco Umbrella API Unauthorised Access Vulnerability (CVE-2018-0435)

A recent vulnerability discovered in the Cisco Umbrella API (Application Programming Interface) could potentially allow an attacker to gain remote unauthorized access to read, change or delete data across multiple organisations.

This vulnerability exists because the authentication configuration of the Umbrella API interface is insufficient.

As the issue is specific to the Umbrella API, which is used to integrate Umbrella with other products and services for increased visibility and security enforcement, Cisco Umbrella is the only product/service affected by this vulnerability.

There are no workarounds, but Cisco have already applied software updates to the Umbrella service to address the issue, so no action is required from Umbrella customers.

Severity: CRITICAL

CVSS Score: Base 9.1

The security advisory for this vulnerability is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api

Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerabilities (CVE-2018-0437) & (CVE-2018-0438)

Two vulnerabilities have been disclosed for the Cisco Umbrella Enterprise Roaming Client (ERC) and the Cisco AnyConnect Umbrella Roaming Module which could potentially allow an attacker to elevate their privileges to Administrator level; however, to exploit these vulnerabilities the attacker must already be authenticated locally with valid user credentials.

Both issues exist because file system permissions are implemented incorrectly, which allows non-administrative users to place files in restricted directories.

CVE-2018-0437 affects Cisco Umbrella ERC releases prior to 2.1.118 and Cisco AnyConnect Umbrella Roaming Module releases prior to 4.6.1098.

CVE-2018-0438 affects Cisco Umbrella ERC releases prior to 2.1.127.

There are no workarounds available, but Cisco have released software updates to address the issue.

We recommend that customers plan an upgrade of their current roaming client at the earliest opportunity: ERC 2.1.127 or later addresses both CVEs, and AnyConnect Umbrella Roaming Module 4.6.1098 or later addresses CVE-2018-0437.
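To turn the affected-version ranges above into something an administrator can run against a software inventory, the following is an added example (not Cisco's code and not taken from the advisories). It encodes the first fixed releases quoted above, compares versions numerically rather than as strings (a plain string comparison would rank 2.1.99 above 2.1.118), and reports which CVEs remain open per host. The hostnames and installed versions in the sample inventory are constructed for illustration.

```python
"""Check installed Cisco Umbrella roaming client versions against the first
fixed releases named in the advisories (added example, not Cisco code)."""
from typing import Dict, Iterable, List, Tuple

# First fixed release per product and CVE, as stated in the advisory text.
# "erc" = Umbrella Enterprise Roaming Client,
# "roaming-module" = AnyConnect Umbrella Roaming Module.
FIXED: Dict[str, Dict[str, str]] = {
    "erc": {"CVE-2018-0437": "2.1.118", "CVE-2018-0438": "2.1.127"},
    "roaming-module": {"CVE-2018-0437": "4.6.1098"},
}


def parse_version(ver: str) -> Tuple[int, ...]:
    """Turn '2.1.118' into (2, 1, 118) so comparison is numeric, not lexical."""
    parts = ver.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {ver!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, first_fixed: str) -> bool:
    """True when the installed release is older than the first fixed release."""
    return parse_version(installed) < parse_version(first_fixed)


def outstanding_cves(product: str, installed: str) -> List[str]:
    """CVEs from the advisories that still apply to this installed version."""
    if product not in FIXED:
        raise KeyError(f"unknown product {product!r}; expected one of {sorted(FIXED)}")
    return sorted(cve for cve, fixed in FIXED[product].items()
                  if is_vulnerable(installed, fixed))


def triage(inventory: Iterable[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """inventory: (hostname, product, installed_version) triples.
    Returns {hostname: [open CVEs]} for hosts that still need the upgrade."""
    findings: Dict[str, List[str]] = {}
    for host, product, ver in inventory:
        cves = outstanding_cves(product, ver)
        if cves:
            findings[host] = cves
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("laptop-01", "erc", "2.1.99"),               # open: both CVEs
        ("laptop-02", "erc", "2.1.118"),              # open: CVE-2018-0438 only
        ("laptop-03", "erc", "2.1.127"),              # fully patched
        ("laptop-04", "roaming-module", "4.6.1000"),  # open: CVE-2018-0437
        ("laptop-05", "roaming-module", "4.6.1098"),  # fully patched
    ]
    for host, cves in triage(sample).items():
        print(f"{host}: upgrade required, outstanding {', '.join(cves)}")
```

Feed it the product and version strings your endpoint management tool already collects; the only thing to keep current is the FIXED table, which mirrors the releases quoted in the advisories.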

Severity: HIGH

CVSS Score: Base 7.8

The security advisories for these vulnerabilities are available at the following links:

CVE-2018-0437: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv

CVE-2018-0438: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-file-read