Bored at home? Cisco has just the thing: A shed-load of security fixes to install, from a Kerberos bypass to crashes

Switchzilla issues a whopping 30+ patches in time for the long UK weekend


Cisco has emitted a fresh round of software updates to address nearly three dozen security holes in its products.

The patches, released over May 6 and 7, include 12 issues considered high-severity bugs, and another 22 classified as moderate severity. One of the holes has two CVE numbers assigned to it, so that's a total of 35 CVE-listed security vulnerabilities.

Despite the absence of a critical remote code or command execution bug, the patches include a number of serious programming blunders, particularly in the context of the network security appliances where they were found.

The Adaptive Security Appliance (ASA) range – Cisco's fancy term for a firewall – is host to 11 of the bug fixes. Among the more serious is CVE-2020-3125, a Kerberos bypass that can be exploited by "an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos authentication for VPN or local device access."

"The vulnerability is due to insufficient identity verification of the KDC when a successful authentication response is received," Cisco said of the flaw.

"An attacker could exploit this vulnerability by spoofing the KDC server response to the ASA device."

Then there's CVE-2020-3187, a directory traversal bug that would allow an unauthenticated remote attacker to read or temporarily delete files (they get restored with a reboot) on the Web Services file system. This also serves as a denial of service bug, allowing the aggressor to crash the appliance with a simple HTTP request, by deleting these sensitive files. Given that ASA is often used to protect VPNs, this would be bad.

"This can affect connection between branch offices in a distributed network, disrupt email, ERP, and other critical systems," said Mikhail Klyuchnikov, one of the two Positive Technologies researchers credited with discovering and reporting the flaw.

"Another problem is that internal resources may become unavailable to remote workers. This is especially dangerous now that many employees are working remotely due to the coronavirus outbreak."

ASA is also prone to denial of service errors via OSPF packets (CVE-2020-3298), SSL and TLS connections (CVE-2020-3196), Media Gateway Control Protocol (CVE-2020-3254), IPv6 (CVE-2020-3191), OSPF (CVE-2020-3195), DHCP (CVE-2020-3306), BGP (CVE-2020-3305), and IKEv1 (CVE-2020-3303).

In terms of sheer number of flaws, big target in this latest batch of fixes is the Firepower firewall line, host to 18 CVE-listed vulnerabilities.

These include denial of service via SSL/TLS (CVE-2020-3283), VPN tunnel connection (CVE-2020-3189), Generic Routing Encapsulation (CVE-2020-3179), XML (CVE-2020-3310), remote management (CVE-2020-3188), or even normal IPv4/IPv6 data packets (CVE-2020-3255,).

While not considered a major risk because it requires local network access, one of the more interesting bugs was CVE-2020-3253, a flaw in the support tunnel feature that allows an authenticated attacker to open a shell connection on the firewall. That would allow a rogue user or miscreant breaking in to really get stuck into the network.

"The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password," Cisco says.

"A successful exploit could allow the attacker to run any system command with root access on an affected device."

CVE-2020-3285, a flaw in the handling of Snort over TLS, could let a remote attacker bypass URL filters on the appliance. Signature verification can be bypassed by exploiting CVE-2020-3308, and information disclosure (unauthorized remote read access) is possible with CVE-2020-3312.

Other fixes include HTTP header injection bugs in Umbrella (CVE-2020-3246), HTTP detection (Snort) security bypass bugs in multiple routers and security appliances (CVE-2020-3315), and a bug in Cisco Content SMA allowing users to be redirected to attack sites (CVE-2020-3178).

Admins are advised to test and install the patches as soon as possible, hopefully before next Tuesday when Microsoft, Intel, Adobe, and SAP are due to deliver their monthly security fixes. ®

Similar topics


Other stories you might like

  • Running Windows 10? Microsoft is preparing to fire up the update engines

    Winter Windows Is Coming

    It's coming. Microsoft is preparing to start shoveling the latest version of Windows 10 down the throats of refuseniks still clinging to older incarnations.

    The Windows Update team gave the heads-up through its Twitter orifice last week. Windows 10 2004 was already on its last gasp, have had support terminated in December. 20H2, on the other hand, should be good to go until May this year.

    Continue reading
  • Throw away your Ethernet cables* because MediaTek says Wi-Fi 7 will replace them

    *Don't do this

    MediaTek claims to have given the world's first live demo of Wi-Fi 7, and said that the upcoming wireless technology will be able to challenge wired Ethernet for high-bandwidth applications, once available.

    The fabless Taiwanese chip firm said it is currently showcasing two Wi-Fi 7 demos to key customers and industry collaborators, in order to demonstrate the technology's super-fast speeds and low latency transmission.

    Based on the IEEE 802.11be standard, the draft version of which was published last year, Wi-Fi 7 is expected to provide speeds several times faster than Wi-Fi 6 kit, offering connections of at least 30Gbps and possibly up to 40Gbps.

    Continue reading
  • Windows box won't boot? SystemRescue 9 may help

    An ISO image you can burn or drop onto a USB key

    The latest version of an old friend of the jobbing support bod has delivered a new kernel to help with fixing Microsoft's finest.

    It used to be called the System Rescue CD, but who uses CDs any more? Enter SystemRescue, an ISO image that you can burn, or just drop onto your Ventoy USB key, and which may help you to fix a borked Windows box. Or a borked Linux box, come to that.

    SystemRescue 9 includes Linux kernel 5.15 and a minimal Xfce 4.16 desktop (which isn't loaded by default). There is a modest selection of GUI tools: Firefox, VNC and RDP clients and servers, and various connectivity tools – SSH, FTP, IRC. There's also some security-related stuff such as Yubikey setup, KeePass, token management, and so on. The main course is a bunch of the usual Linux tools for partitioning, formatting, copying, and imaging disks. You can check SMART status, mount LVM volumes, rsync files, and other handy stuff.

    Continue reading

Biting the hand that feeds IT © 1998–2022