Cisco Archives | Vednam
https://vednam.com/tag/cisco/
Latest News on Cyber Security, Hacking and Tech

Cisco Webex Meeting: Windows User Sensitive Data at Risk
https://vednam.com/cisco-webex-meeting-windows-user-sensitive-data-at-risk/
Thu, 25 Jun 2020 19:55:12 +0000

While scrolling the news, I found that the Cisco Webex Meetings app for Windows has a vulnerability that allows an authenticated local attacker to gain access to sensitive information on a vulnerable system.

The vulnerability is tracked as CVE-2020-3347 and is caused by unsafe usage of shared memory in the Cisco Webex app.

According to the report from Trustwave SpiderLabs Security, which discovered the vulnerability, a client that a user has configured has several memory-mapped files that are not protected from reading or writing.

“A malicious user can open and dump the content of the file if they log in to the machine. Simply put, another user can loop over all the sessions and try to open, read and save interesting content for future disturbance.”

“The vulnerability can be exploited by an attacker who has access to the system memory, and this happens by running an application on the local system.”

If exploitation of the vulnerability succeeds, the attacker can retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens, which could help the attacker in future attacks.

Cisco Webex Meetings Desktop App for Windows releases earlier than 40.6.0 are affected by the vulnerability. Cisco has now released patches and recommends that users update the Cisco Webex application.

“After considering the software upgrades, customers are also advised to regularly consult the advisories for Cisco products, which are available from the Cisco security advisories and alerts page, to determine the exposure and a complete upgrade solution.”

The Cisco Product Security Incident Response Team said that “they are not aware of any malicious use of the vulnerability that is mentioned by the advisory”.

Cisco IOS router Under threat due some critical Flaw
https://vednam.com/cisco-ios-router-under-threat/
Mon, 08 Jun 2020 19:04:17 +0000

According to a published report, Cisco routers are under threat, and the company has announced that it has fixed the vulnerabilities in Cisco IOS routers. The vulnerabilities are numerous and affect the company's industrial routers and switches.

According to the report, a total of 25 vulnerabilities with high and critical severity levels were eliminated in IOS and IOS XE.

The company also issued a number of other recommendations on problems of high and medium severity affecting IOS and other software.

CVE-2020-3205 is the most critical and serious issue. It allows an unauthenticated attacker to execute arbitrary shell commands on a VDS server.

An attacker can exploit the security flaw simply by sending crafted packets to the victim's device, and a successful attack can compromise the victim's system.

The second vulnerability is CVE-2020-3198, and it is the same as the previous one.

With this vulnerability, an unauthenticated attacker can remotely execute arbitrary code on the vulnerable machine, or crash the system and then reboot the device, by sending malicious packets to the machine.

Affected devices include Cisco routers such as the ISR 809 and 829 Industrial Routers, as well as the 1000 Series CGRs.

The third vulnerability is CVE-2020-3227. It is critical but not more dangerous than the earlier ones, and the flaw scored 9.8 points out of 10 on the CVSS scale.

CVE-2020-3227: Software Privilege

CVE-2020-3227 is a flaw in the authorization controls for the Cisco IOx infrastructure in Cisco IOS XE.

As you all know, a simple bug can allow authentication and credentials to be bypassed and give the attacker full access to the machine. The same happens with the Cisco IOx API, which lets the attacker execute commands remotely.

The vulnerability turned out to be that IOx does not correctly handle requests for authorization tokens. As a result, an attacker can use a special API command to request a token and then execute commands on the affected machine.

Cisco stated that it had released the necessary software updates that specifically address the vulnerability and that there were no issues with these updates.

After this, Cisco released the new Cisco IOS XE software 16.3.1 for the security flaw in the router.

CVE-2020-3205: VM Channel

The CVE-2020-3205 flaw is present in the inter-VM channel of the Cisco IOS software for the 809, 829, and 1000 Series routers, which may be designed with a hypervisor architecture. This vulnerability can allow an attacker to get in without authenticating and execute shell commands in the VDS of the affected devices.

An attacker exploits the security issue by sending malicious packets to the victim's machine. Once inside the router, the attacker can execute commands with the privileges of the root user, which means full command of the device.

After that, Cisco released patched software and reminded every user to update to the new software to get rid of these vulnerabilities.

CVE-2020-3198: Code Execution 

In the case of CVE-2020-3198, the attacker can make the router crash or restart, and code is executed in the back of the shell. Cisco rated the vulnerability 9.8 out of 10 points, so it is more harmful than the rest. Cisco has also published software updates for CVE-2020-3198, and it is now under control.

Cisco server hacked by exploiting SaltStack Vulnerabilities.
https://vednam.com/cisco-server-hacked-by-exploiting-saltstack-vulnerabilities/
Sun, 31 May 2020 11:44:24 +0000

Let's see what we found recently: attackers compromised Cisco servers and devices a number of times by way of the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) platform. This service allows users to create and build their network topologies without installing the devices, which helps to test the network virtually.

The attackers exploited critical vulnerabilities in SaltStack, which is an open-source framework.

It is mainly used for the implementation of data center systems and their automated services.

Cisco also mentioned that Cisco Modeling Labs Corporate Edition (CML) is vulnerable to the attacks, because it has the same version of SaltStack, which runs the vulnerable Salt Master installation.

The information we gathered is: “CML is basically used by users to simulate Cisco devices and third-party devices. VIRL-PE helps users to create infrastructure and test virtual networks in a development and test environment easily.”

Vulnerable Cisco Products

Two products are mainly affected by the vulnerabilities:

  • Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE)
  • Cisco Modeling Labs Corporate Edition (CML)

The Main Servers Compromised

According to the company's report, the attackers managed to compromise six infrastructure servers and take control of them:

  • us-1.virl.info
  • us-2.virl.info
  • us-3.virl.info
  • us-4.virl.info
  • vsm-us-1.virl.info
  • vsm-us-2.virl.info

We got an image from the news that shows a device where the salt-master service is enabled:

[Image: a device with the salt-master service enabled]

Where Cisco lacks in security:

The vulnerabilities are an authentication bypass, identified as CVE-2020-11651, and a directory traversal, identified as CVE-2020-11652.

These two flaws can allow attackers to gain access to the entire file system of servers that are configured in SaltStack.

  • CVE-2020-11651: authentication bypass vulnerability
  • CVE-2020-11652: directory traversal vulnerability

On May 7, 2020, Cisco updated the compromised servers and checked the vulnerabilities fixed by the patch, namely the authentication bypass vulnerability (CVE-2020-11651) and the directory traversal vulnerability (CVE-2020-11652), which mainly affect SaltStack servers.

After that, Cisco released two essential updates for the VIRL-PE services and the related product Cisco Modeling Labs Corporate Edition. Security experts said that the security flaws are present in any version of the services before the updates.

SaltStack is mainly meant to monitor servers and help update them automatically. With the help of its remote execution engine, it also allows commands to be run on multiple systems, using the master node to apply changes to the target servers.

Cisco is not the only company attacked by cybercriminals using these vulnerabilities. The attackers had earlier attacked other popular companies as well using the same security flaws.

 
