Severity:
High,
Medium
Advisory ID:
PN1601
公開日:
October 27, 2022
最終更新日:
October 27, 2022
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
いいえ
Corrected:
いいえ
Workaround:
いいえ
CVE IDs
CVE-2020-3209,
CVE-2020-3200,
CVE-2021-1385,
CVE-2020-3516,
CVE-2021-1446
概要
Stratix Products Vulnerable to Multiple Vulnerabilities
Revision History
Revision History
Version 1.0 –October 27,2022
Executive Summary
Rockwell Automation is aware of multiple vulnerabilities that impact Cisco IOS® XE and Cisco IOS software contained within Stratix® devices. Exploitation of these vulnerabilities could potentially lead to, but are not limited to, a denial-of-service condition and remote code execution.
Customers using affected versions of this software are encouraged to evaluate the following mitigations and apply them where appropriate. Additional details relating to the discovered vulnerability, including the products in scope, impact, and recommended countermeasures, are provided. We have not received any notice of this vulnerability being exploited in Rockwell Automation products.
Customers using affected versions of this software are encouraged to evaluate the following mitigations and apply them where appropriate. Additional details relating to the discovered vulnerability, including the products in scope, impact, and recommended countermeasures, are provided. We have not received any notice of this vulnerability being exploited in Rockwell Automation products.
Affected Products
- Stratix 5800 Switches
- Stratix 5400/5410 Switches
Vulnerability Details
CVE 2020-3229 - Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
CVSS Base Score 8.8/10 (High)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The administrator GUI lacks correct handing of RBAC, which may allow a malicious user to send modified HTTP requests to the targeted device. If exploited, a read-only remote attacker could potentially execute commands or configuration changes as the administrator user.
CVE 2020-3219 - Cisco IOS XE Software Web UI Command Injection Vulnerability
CVSS Base Score 8.8/10 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Due to insufficient validation of user input, this vulnerability could allow a malicious user to inject custom input into the web UI. If exploited, a remote attacker could potentially execute arbitrary code with administrative privileges on the operating system.
CVE-2021-1446 - Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial-of-Service Vulnerability
CVSS Base Score 8.6/10 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an affected device to reload.
CVE 2020-3200 - Cisco IOS and IOS XE Software Secure Shell Denial-of-Service Vulnerability
CVSS Base Score 7.7/10 (High)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS software and Cisco IOS XE software could allow an authenticated, remote attacker to cause an affected device to reload.
CVE 2020-3211 - Cisco IOS XE Software Web UI Command Injection Vulnerability
CVSS Base Score 7.2/10 (High)
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Due to improper input sanitization, this vulnerability could allow a malicious user with administrative privileges to submit specially crafted input in the web UI. If exploited, a remote attacker could potentially execute arbitrary commands with root privileges on the operating system.
CVE 2020-3218 - Cisco IOS XE Software Web UI Remote Code Execution Vulnerability
CVSS Base Score 7.2/10 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Due to improper validation of user supplied input, a malicious user could potentially create a file on the target device and upload a second malicious file to the device. If exploited, a user could execute arbitrary code with root privileges on the underlying Linux shell.
CVE-2020-3209 - Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
CVSS Base Score 6.8/10 (Medium)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The root cause of this vulnerability is an improper check on the area code that manages the verification of the digital signatures of the system files during the initial boot process. If exploited, a malicious user could potentially install and boot malicious software image or execute unsigned binaries on the targeted device. A malicious user could exploit this vulnerability by loading unsigned software on the affected device.
CVE-2021-1385 - Cisco IOx Application Environment Path Traversal Vulnerability
CVSS Base Score 6.5/10 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system.
CVE 2020-3516 – Cisco IOS XE Software Web UI Improper Input Validation Vulnerability
CVSS Base Score 4.3/10 (Medium)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device.
CVSS Base Score 8.8/10 (High)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The administrator GUI lacks correct handing of RBAC, which may allow a malicious user to send modified HTTP requests to the targeted device. If exploited, a read-only remote attacker could potentially execute commands or configuration changes as the administrator user.
CVE 2020-3219 - Cisco IOS XE Software Web UI Command Injection Vulnerability
CVSS Base Score 8.8/10 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Due to insufficient validation of user input, this vulnerability could allow a malicious user to inject custom input into the web UI. If exploited, a remote attacker could potentially execute arbitrary code with administrative privileges on the operating system.
CVE-2021-1446 - Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial-of-Service Vulnerability
CVSS Base Score 8.6/10 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an affected device to reload.
CVE 2020-3200 - Cisco IOS and IOS XE Software Secure Shell Denial-of-Service Vulnerability
CVSS Base Score 7.7/10 (High)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS software and Cisco IOS XE software could allow an authenticated, remote attacker to cause an affected device to reload.
CVE 2020-3211 - Cisco IOS XE Software Web UI Command Injection Vulnerability
CVSS Base Score 7.2/10 (High)
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Due to improper input sanitization, this vulnerability could allow a malicious user with administrative privileges to submit specially crafted input in the web UI. If exploited, a remote attacker could potentially execute arbitrary commands with root privileges on the operating system.
CVE 2020-3218 - Cisco IOS XE Software Web UI Remote Code Execution Vulnerability
CVSS Base Score 7.2/10 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Due to improper validation of user supplied input, a malicious user could potentially create a file on the target device and upload a second malicious file to the device. If exploited, a user could execute arbitrary code with root privileges on the underlying Linux shell.
CVE-2020-3209 - Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
CVSS Base Score 6.8/10 (Medium)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The root cause of this vulnerability is an improper check on the area code that manages the verification of the digital signatures of the system files during the initial boot process. If exploited, a malicious user could potentially install and boot malicious software image or execute unsigned binaries on the targeted device. A malicious user could exploit this vulnerability by loading unsigned software on the affected device.
CVE-2021-1385 - Cisco IOx Application Environment Path Traversal Vulnerability
CVSS Base Score 6.5/10 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system.
CVE 2020-3516 – Cisco IOS XE Software Web UI Improper Input Validation Vulnerability
CVSS Base Score 4.3/10 (Medium)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device.
Risk Mitigation & User Action
This vulnerability has been addressed in newer versions of the Stratix 5800 switch. Customers are also directed towards the risk mitigations provided below, and are encouraged, when possible, to combine these with the general security guidelines to employ multiple strategies simultaneously.
| Products Affected | Vulnerabilities | Suggested Actions |
| Stratix 5800 switches | CVE-2020-3209 | Update to Stratix 5800 v.17.04.01 or later |
| CVE 2020-3211 | ||
| CVE 2020-3218 | ||
| CVE 2020-3229 | ||
| CVE 2020-3219 | ||
| CVE-2020-3516 | ||
| CVE 2021-1385 | ||
| CVE-2021-1446 | ||
| Stratix 5800 switches | CVE-2020-3200 | Update to v16.12.01 or later |
| Stratix 5400/5410 switches | CVE-2020-3200 | Update to v15.2(7)E2 or later |
Additionally, please see our Knowledgebase article, QA43240 - Recommended Security Guidelines from Rockwell Automation, for additional recommendations to maintain the security posture of your environment.
References
- Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
- Cisco IOS XE Software Web UI Command Injection Vulnerability
- Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial-of-Service Vulnerability
- Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability
- Cisco IOS XE Software Web UI Command Injection Vulnerability
- Cisco IOS XE Software Web UI Remote Code Execution Vulnerability
- Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
- Cisco IOx Application Environment Path Traversal Vulnerability
- Cisco IOS XE Software Web UI Improper Input Validation Vulnerability
Copyright ©2022 Rockwell Automation, Inc.