Cisco releases the security updates to fix RCE flaw in Cisco IOS XE Software

On March 28, 2018, Cisco has released several updates to address vulnerabilities affecting Cisco IOS XE Software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

• Cisco IOS XE Software Static Credential Vulnerability
  A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.

  The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access.

  Affected products
  Cisco Prime Collaboration Provisioning (PCP) Software Release 11.6Solutions

  Download the patch here

• Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
  A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.

  The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:
  

  • Triggering a reload of the device
  • Allowing the attacker to execute arbitrary code on the device
  • Causing an indefinite loop on the affected device that triggers a watchdog crash

  
  Affected products
  Cisco IOS or IOS XE Software and have the Smart Install client feature enabled
  Solutions

  Download the patch here

• Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability
  A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

  The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.
  Affected products
  Cisco IOS Software or Cisco IOS XE Software
  Solutions

  Download the patch here