Category : Network security
If you are a user of CISCO 900 Series Routers, Cloud-Based Network Management Platform and Prime Home Servers of CISCO, you are at risk. Two critical security vulnerabilities have been discovered by security researchers which are affecting these products of CISCO. To fix these security vulnerabilities an emergency update has been released CISCO. Both the security vulnerabilities are allowing hackers to perform various cyber-attacks.
Some Information about Both Vulnerabilities
According to the company, they came to know about two security vulnerabilities and after investigation they found that attacker can exploit these vulnerabilities to hijack servers and routers of users. Hackers can use compromised routers and servers to perform Distributed Denial of Service (DDoS Attack) against big companies. Since the owner of Mirai Botnet has leaked its original source code, DDoS Attacks are happening every day. Dyn DNS DDoS Attack is one of its biggest examples. CISCO released an immediate update to fix the vulnerabilities.
First security vulnerability CVE-2016-6441 has been tracked by security researchers in CISCO ASR 900 Series routers. It is an arbitrary remote code execution vulnerability which is related to TL1 (Transaction Language 1) code of the router. Hackers could exploit this security issue to execute remote commands in the router. By sending malicious codes, hackers could also infect all the devices which are connected to that router.
Reason Behind it?
The current software of CISCO ASR 900 Series Routers is performing an incomplete bound check action on input data. It is possible to exploit this security issue by sending a specially crafted malicious code in TL1 port of the router. The malicious code will force the device to perform a reload. In the same way, attackers could also send remote commands to the router to hijack the whole network of the affected system.
The second vulnerability CVE-2016-6452 is related to Web Based graphical user interface of CISCO Prime Home servers. It is an authentication bypass vulnerability which could be exploited by remote hackers to gain admin level privileges of the server. Hackers could exploit this vulnerability by sending a special crafted malicious HTTP request to a specific URL. This URL will allow an attacker to set up a valid session identifier for a remote attacker. When victim will access the server, an attacker could hijack the server by gaining access through a session identifier.
Reason Behind it?
The current RBAC (Role Based Access Control) system of Cisco Prime Home Servers has some processing issue. This issue is beneficial for the attacker because he could set up a session identifier by sending a specially crafted HTTP request to a particular URL. Hacker could get root level privileges of targeted servers and they can change its settings for their personal benefits.
Proudly Operated from India
© 2016 Copyrights. All Rights Reserved