{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-009.pdf"
    },
    "title": "Critical Vulnerabilities in Cisco Products",
    "serial_number": "2021-009",
    "publish_date": "04-02-2021 20:35:00",
    "description": "Cisco has published an advisory about several vulnerabilities affecting various Cisco Products. These vulnerabilities could lead to remote code execution, privilege escalation, directory traversal, file overwrite or denial of service. While Cisco is not aware of any malicious exploit in the wild, it is highly recommended to patch the affected products.",
    "url_title": "2021-009",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in\u00a0Cisco\u00a0Products'\nversion: '1.0'\nnumber: '2021-009'\ndate: 'February 4, 2021'\n---\n\n_History:_\n\n* _04/02/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nCisco has published an advisory about several vulnerabilities affecting various Cisco Products [1-3]. These vulnerabilities could lead to **remote code execution**, **privilege escalation**, **directory traversal**, **file overwrite** or **denial of service**. While Cisco is not aware of any malicious exploit in the wild, it is highly recommended to patch the affected products.\n\n# Technical Details\n\nThis advisory only describes the most critical vulnerabilities disclosed by Cisco.\n\n## CVE-2021-1289, CVE-2021-1290, CVE-2021-1291\n\nThe first group of vulnerabilities, identified by **CVE-2021-1289**, **CVE-2021-1290** and **CVE-2021-1291** [1], exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. The CVSS score of these vulnerabilities is **9.8**\n\n## CVE-2021-1288, CVE-2021-1313\n\nThe first vulnerability of this group, identified by **CVE-2021-1288** [2], is due to a logic error that occurs when an affected device processes Telnet protocol packets. An attacker could exploit this vulnerability by sending specific streams of packets to the affected device. A successful exploit could allow the attacker to cause the `enf_broker` process to crash, which could lead to system instability and the inability to process or forward traffic through the affected device. The CVSS score of this vulnerability is **8.6**.\n\nThe second vulnerability, identified by **CVE-2021-1313** [2], is due to improper resource allocation when an affected device processes either ICMP or Telnet protocol packets. 
An attacker could exploit this vulnerability by sending specific streams of packets to the affected device. A successful exploit could allow the attacker to cause the `enf_broker` process to leak system memory. Over time, this memory leak could cause the `enf_broker` process to crash, which could lead to system instability and the inability to process or forward traffic through the affected device. The CVSS score of this vulnerability is **8.6**.\n\n## CVE-2021-1296, CVE-2021-1297\n\nThese vulnerabilities, identified by **CVE-2021-1296** and **CVE-2021-1297** [3], are due to insufficient input validation in the web-based management interface of Cisco Small Business routers. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to a location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. The CVSS score of these vulnerabilities is **7.5**.\n\n# Affected products\n\nThe vulnerabilities **CVE-2021-1289**, **CVE-2021-1290**, **CVE-2021-1291**, **CVE-2021-1296** and **CVE-2021-1297** affect the following Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.01.02 [1,3]:\n\n- RV160 VPN Router\n- RV160W Wireless-AC VPN Router\n- RV260 VPN Router\n- RV260P VPN Router with POE\n- RV260W Wireless-AC VPN Router\n\nThe following software releases are vulnerable to at least one of the two vulnerabilities **CVE-2021-1288** and **CVE-2021-1313** [2]:\n\n- Cisco IOS XR Software Release 5.0\n- Cisco IOS XR Software Release 6.0, before 6.0.2\n\n# Recommendations\n\nIt is recommended to apply the patches from Cisco for all affected software and products.\n\n# References\n\n[1] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf>\n\n[2] 
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2>\n\n[3] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>04/02/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Cisco has published an advisory about several vulnerabilities affecting various Cisco Products [1-3]. These vulnerabilities could lead to <strong>remote code execution</strong>, <strong>privilege escalation</strong>, <strong>directory traversal</strong>, <strong>file overwrite</strong> or <strong>denial of service</strong>. While Cisco is not aware of any malicious exploit in the wild, it is highly recommended to patch the affected products.</p><h2 id=\"technical-details\">Technical Details</h2><p>This advisory only describes the most critical vulnerabilities disclosed by Cisco.</p><h3 id=\"cve-2021-1289-cve-2021-1290-cve-2021-1291\">CVE-2021-1289, CVE-2021-1290, CVE-2021-1291</h3><p>The first group of vulnerabilities, identified by <strong>CVE-2021-1289</strong>, <strong>CVE-2021-1290</strong> and <strong>CVE-2021-1291</strong> [1], exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. The CVSS score of these vulnerabilities is <strong>9.8</strong></p><h3 id=\"cve-2021-1288-cve-2021-1313\">CVE-2021-1288, CVE-2021-1313</h3><p>The first vulnerability of this group, identified by <strong>CVE-2021-1288</strong> [2], is due to a logic error that occurs when an affected device processes Telnet protocol packets. An attacker could exploit this vulnerability by sending specific streams of packets to the affected device. A successful exploit could allow the attacker to cause the <code>enf_broker</code> process to crash, which could lead to system instability and the inability to process or forward traffic through the affected device. 
The CVSS score of this vulnerability is <strong>8.6</strong>.</p><p>The second vulnerability, identified by <strong>CVE-2021-1313</strong> [2], is due to improper resource allocation when an affected device processes either ICMP or Telnet protocol packets. An attacker could exploit this vulnerability by sending specific streams of packets to the affected device. A successful exploit could allow the attacker to cause the <code>enf_broker</code> process to leak system memory. Over time, this memory leak could cause the <code>enf_broker</code> process to crash, which could lead to system instability and the inability to process or forward traffic through the affected device. The CVSS score of this vulnerability is <strong>8.6</strong>.</p><h3 id=\"cve-2021-1296-cve-2021-1297\">CVE-2021-1296, CVE-2021-1297</h3><p>These vulnerabilities, identified by <strong>CVE-2021-1296</strong> and <strong>CVE-2021-1297</strong> [3], are due to insufficient input validation in the web-based management interface of Cisco Small Business routers. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to a location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. 
The CVSS score of these vulnerabilities is <strong>7.5</strong>.</p><h2 id=\"affected-products\">Affected products</h2><p>The vulnerabilities <strong>CVE-2021-1289</strong>, <strong>CVE-2021-1290</strong>, <strong>CVE-2021-1291</strong>, <strong>CVE-2021-1296</strong> and <strong>CVE-2021-1297</strong> affect the following Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.01.02 [1,3]:</p><ul><li>RV160 VPN Router</li><li>RV160W Wireless-AC VPN Router</li><li>RV260 VPN Router</li><li>RV260P VPN Router with POE</li><li>RV260W Wireless-AC VPN Router</li></ul><p>The following software releases are vulnerable to at least one of the two vulnerabilities <strong>CVE-2021-1288</strong> and <strong>CVE-2021-1313</strong> [2]:</p><ul><li>Cisco IOS XR Software Release 5.0</li><li>Cisco IOS XR Software Release 6.0, before 6.0.2</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to apply the patches from Cisco for all affected software and products.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}