New Patches Address Critical Vulnerability Points in Cisco Systems

By: James O'Brien| - Leave a comment

Cisco recently issued patches to address critical vulnerability points in multiple systems, eliminating exploits in two collaboration platforms and appliances that incorporate the company’s FirePOWER security service modules.

According to Computerworld, the platforms and systems affected are Cisco’s Telepresence Codec software, Collaboration Endpoint software and FirePOWER System software, wherein the company identified a pair of separate hacking vectors.

Critical Vulnerability Identified in Telepresence Software

In the Telepresence software instances, cybercriminals discovered how to access system configuration and command functionality by creating HTTP requests, thereby avoiding authentication safeguards within Codec’s and Collaboration Endpoint’s XML application programming interface (API).

The exploit compromises the following devices:

  • TelePresence EX Series;
  • TelePresence Integrator C Series;
  • TelePresence MX Series;
  • TelePresence Profile Series;
  • TelePresence SX Series;
  • TelePresence SX Quick Set Series;
  • TelePresence VX Clinical Assistant; and
  • TelePresence VX Tactical.

Cisco suggests that if clients are unable to immediately install the issued patches, the vulnerabilities can be temporarily addressed by disabling the Telepresence software’s XML API. That solution, however, will disable some product features until the patches are installed.

Other Shortcomings in FirePOWER System

The FirePOWER system issues create a critical vulnerability for denial-of-service attacks; malicious programmers can stop the security modules from inspecting, processing and responding to packets.

Devices compromised include the following:

  • Cisco FirePOWER 7000 Series Appliances;
  • Cisco FirePOWER 8000 Series Appliances;
  • Cisco Advanced Malware Protection for Networks running on Cisco FirePOWER 7000 Series appliances;
  • Cisco Advanced Malware Protection for Networks running on Cisco FirePOWER 8000 Series appliances;
  • The Adaptive Security Appliance 5585-X FirePOWER Security Services Processor module.

Open SSL Project Updates Impact Cisco Projects

The new patches come while Cisco is working to identify products that could be affected by last week’s OpenSSL Project announcement as well. The project is effectively patching its own vulnerabilities — one OpenSSL patch stops a man-in-the-middle exploit that could allow malicious hackers to decrypt traffic, as reported by SecurityWeek.

Another significant weak spot involves a bug that creates intrusion vectors around large universal tags. In this instance, cyberattackers could corrupt system memory, causing crashes and/or opening avenues where they can execute arbitrary code.

Cisco will issue advisory updates around the OpenSSL patches as its investigation of potentially impacted products continues.

Topics: , ,


About The Author

James O'Brien

Freelance Writer

As a journalist and writer in the branded content space, James O'Brien covers business, technology, social media, marketing, film, food, wine, writing and news. The Nieman Journalism Lab has called his work in the custom content space "sponsored content done right." He has written for major regional newspapers, and he has managed and edited established, startup and turnaround newsrooms in varied markets, from community papers to major-city dailies. He consults for firms and businesses — startups to seasoned — on the creation of effective content strategies and the establishment of practical editorial calendars for enacting them. O'Brien holds a Ph.D. in Editorial Studies from the Editorial Institute at Boston University, where he researched and edited Bob Dylan's other-than-song writings. He is engaged in a bibliography for Oxford University Press, covering writings about filmmaker John Cassavetes. He is the author of "The Indie Writer's Survival Guide." His short stories and poetry are published in numerous journals and magazines.

Articles by James O'Brien
See All Posts