Day: May 5, 2021

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases
At the time of publication, Cisco SD-WAN vManage Software releases 20.4.1 and later contained the fix for this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases
At the time of publication, Cisco Video Surveillance 8000 Series IP Camera firmware releases 1.0.9-11 and later contained the fix for this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
To download the firmware from the Software Center on Cisco.com, do the following:

Click Browse all.
Choose Connected Safety and Security > Video Surveillance IP Cameras > Video Surveillance 8000 Series IP Cameras.
Choose the appropriate IP camera model.
Click Video Surveillance 8000 Series IP Camera Firmware.
Choose a release from the left pane of the product page.

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases
Cisco fixed this vulnerability in Cisco Enterprise NFVIS releases 4.5.1 and later.
Customers can download Cisco Enterprise NFVIS from the Software Center on Cisco.com by doing the following:

Click Browse all.
Choose Routers > Network Functions Virtualization > Enterprise NFV Infrastructure Software > NFV Infrastructure Software.
Access releases by using the left pane of the Enterprise NFV Infrastructure Software page.

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.Several of the vulnerabilities below only impact Cisco SD-WAN vManage Software that is operating in a cluster. Customers can verify whether the software is operating in cluster mode by checking the Cisco SD-WAN vManage web-based management interface Administration > Cluster Management view. Customers should also refer to the Cisco SD-WAN Getting Started Guide chapter on Cluster Management.
Details about the vulnerabilities are as follows:
CVE-2021-1468: Cisco SD-WAN vManage Cluster Mode Unauthorized Message Processing Vulnerability

A vulnerability in a messaging service of Cisco SD-WAN vManage Software when operating in cluster mode could allow an unauthenticated, remote attacker to send unauthorized messages to the vulnerable application.
This vulnerability is due to improper authentication checks on user-supplied input to an application messaging service. An attacker could exploit this vulnerability by submitting crafted input to the service. A successful exploit could allow the attacker to call privileged actions within the affected system, including creating new administrative level user accounts.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvu28454CVE ID: CVE-2021-1468Security Impact Rating (SIR): CriticalCVSS Base Score: 9.8CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1505: Cisco SD-WAN vManage Cluster Mode Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to bypass authorization checking and gain elevated privileges within an affected system.

This vulnerability exists because the affected software does not perform authorization checks on certain operations. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain elevated privileges within the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvu28390CVE ID: CVE-2021-1505Security Impact Rating (SIR): CriticalCVSS Base Score: 9.1CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-1508: Cisco SD-WAN vManage Cluster Mode Unauthorized Access Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to bypass authorization checking and make application modifications that could allow the attacker to gain elevated privileges within an affected system. This vulnerability exists because the affected software does not perform authorization checks on certain operations. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain elevated privileges within the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVE ID: CVE-2021-1508
Security Impact Rating (SIR): High
CVSS Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2021-1275: Cisco SD-WAN vManage Denial of Service Vulnerability

A vulnerability in an API of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected system.
The vulnerability is due to insufficient handling of API requests to the affected system. An attacker could exploit this vulnerability by sending a large amount of API requests to the affected system. A successful exploit could allow the attacker to cause a DoS condition on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvv67264CVE ID: CVE-2021-1275Security Impact Rating (SIR): HighCVSS Base Score: 7.5CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-1506: Cisco SD-WAN vManage Cluster Mode Unauthorized Services Access Vulnerability

A vulnerability in a service of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to gain unauthorized access to services within an affected system. This vulnerability exists because the affected software does not perform authorization checks on service access. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain unauthorized access to services within the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvu28402CVE ID: CVE-2021-1506Security Impact Rating (SIR): HighCVSS Base Score: 7.2CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases
At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Messaging Server. However, a firmware patch is available. 
To download the firmware patch from the Software Center on Cisco.com, do the following:

Click Browse all.
Choose Unified Communications > Cloud Calling > BroadWorks > BroadWorks Messaging Server 22.0.
Choose Application Patches > 22.0 > 22.0.2021-03.
Select AP.ums.22.0.1123.ap378900.

For information about fixed software releases, see the Details section in the bug ID(s) at the top of this advisory.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases
At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.

Cisco SD-WAN Software Release
First Fixed Release

Earlier than 18.4
Migrate to a fixed release.

18.4
18.4.6

19.2
19.2.3

20.1
20.1.2

20.3
20.3.1

20.4
20.4.1

20.5
20.5.1

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases
At the time of publication, Cisco Small Business RV Series Routers firmware releases 1.0.03.21 and later contained the fix for this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
To download the firmware from the Software Center on Cisco.com, do the following:

Click Browse all.
Choose Routers  > Small Business Routers  > Small Business RV Series Routers.
Choose the appropriate router.
Choose Small Business Router Firmware.
Choose a release from the left pane of the product page.

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.Details about the vulnerabilities are as follows.
Cisco AnyConnect Secure Mobility Client for Windows Uninstall Executable Hijacking Vulnerability

A vulnerability in the uninstall process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.
This vulnerability exists because a temporary file with insecure permissions is created during the uninstall process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvv43102, CSCvv60844CVE ID(s): CVE-2021-1426Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco AnyConnect Secure Mobility Client for Windows Upgrade DLL Hijacking Vulnerabilities 

Two vulnerabilities in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device.
These vulnerabilities exist because the application loads a DLL file from a user-writable directory. An attacker could exploit these vulnerabilities by copying a malicious DLL file to a specific directory. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Bug ID(s): CSCvw16996, CSCvw17005CVE ID(s): CVE-2021-1427, CVE-2021-1428Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco AnyConnect Secure Mobility Client for Windows Upgrade Executable Hijacking Vulnerability 

A vulnerability in the install process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.
This vulnerability exists because a temporary file with insecure permissions is created during the upgrade process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvw18527CVE ID(s): CVE-2021-1429Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco AnyConnect Secure Mobility Client for Windows Upgrade DLL Hijacking Vulnerability 

A vulnerability in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device.
This vulnerability exists because a temporary file with insecure permissions is created during the upgrade process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvw18595CVE ID(s): CVE-2021-1430Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco AnyConnect Secure Mobility Client for Windows Install Executable Hijacking Vulnerability

A vulnerability in the install process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.
This vulnerability exists because the application loads an executable file from a user-writable directory. An attacker could exploit this vulnerability by copying a malicious executable file to a specific directory, which would be executed when the application is installed or upgraded. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvu77671CVE ID(s): CVE-2021-1496Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release as indicated in the following table(s):

Cisco Unified Communications Manager IM & Presence Service Release
First Fixed Release

Earlier than 10.5
None.

10.5
None.

11.0
Migrate to 11.5(1)SU9.

11.5
11.5(1)SU9

12.0
Migrate to 12.5(1)SU4.

12.5
12.5(1)SU4

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases
At the time of publication, Cisco Content SMA, ESA, and WSA releases that were running Cisco AsyncOS Software releases 14.0 and later contained the fix for this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release as indicated in the following table(s). To ensure a complete upgrade solution, consider that this advisory is part of a collection that includes the following advisories:

Cisco SD-WAN vManage Software Release
First Fixed Release for This Vulnerability
First Fixed Release for All Vulnerabilities Described in the Collection of Advisories

Earlier than 18.4
Migrate to a fixed release.
Migrate to a fixed release.

18.4
Migrate to a fixed release.
Migrate to a fixed release.

19.2
Migrate to a fixed release.
Migrate to a fixed release.

19.3
Migrate to a fixed release.
Migrate to a fixed release.

20.1
Migrate to a fixed release.
Migrate to a fixed release.

20.3
20.3.1
Migrate to a fixed release.

20.4
20.4.1
20.4.1

20.5
20.5.1
20.5.1

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases
At the time of publication, Cisco AnyConnect Secure Mobility Client for Windows, MacOS, and Linux releases 4.10.00093 and later contained the fix for this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
To download the software from the Software Center on Cisco.com, do the following:

Click Browse all.
Choose Security  > VPN and Endpoint Security Clients  > Cisco VPN Clients  > AnyConnect Secure Mobility Client  > AnyConnect Secure Mobility Client v4.x.
Choose the release from the left pane of the AnyConnect Secure Mobility Client v4.x page.

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release as indicated in the following table(s). To ensure a complete upgrade solution, consider that this advisory is part of a collection that includes the following advisories:

Cisco SD-WAN vEdge Software Release
First Fixed Release for These Vulnerabilities
First Fixed Release for All Vulnerabilities Described in the Collection of Advisories

Earlier than 18.4
Migrate to a fixed release.
Migrate to a fixed release.

18.4
Migrate to a fixed release.
Migrate to a fixed release.

19.2
Migrate to a fixed release.
Migrate to a fixed release.

20.1
Migrate to a fixed release.
Migrate to a fixed release.

20.3
Migrate to a fixed release.
Migrate to a fixed release.

20.4
20.4.1
20.4.1

20.5
20.5.1
20.5.1