Make in India WAF
Make in India WAF Empowering Web Security with ‘Make in India’ Pride Prophaze navigates the complexities of the digital age,
Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Fixed Releases
No upgrade action is necessary for customers who have already applied a recommended release to address the March 2019 Cisco FXOS and NX-OS Software bundle. See
Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication for a list of advisories in the bundle.
Customers who have not applied a recommended release to address the March 2019 bundle are advised to upgrade to an appropriate release as indicated in the applicable table in this section. In the following tables, the left column lists Cisco NX-OS Software releases. The right column indicates the first release that includes the fix for this vulnerability.
MDS 9000 Series Multilayer Switches: CSCvi99248
Cisco NX-OS Software Release
First Fixed Release for This Vulnerability
5.2
6.2(25)
6.2
6.2(25)
7.3
8.3(2)
8.1
8.3(2)
8.2
8.3(2)
8.3
8.3(2)
Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone NX-OS Mode: CSCvh24771
Cisco NX-OS Software Release
First Fixed Release for This Vulnerability
Prior to 7.0(3)I7
7.0(3)I7(3)
7.0(3)I7
7.0(3)I7(3)
9.2(1)
Not vulnerable
Nexus 3500 Platform Switches: CSCvi99250
Cisco NX-OS Software Release
First Fixed Release for This Vulnerability
Prior to 6.0(2)A8
6.0(2)A8(11)
6.0(2)A8
6.0(2)A8(11)
7.0(3)
7.0(3)I7(3)
9.2
Not vulnerable
Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform: CSCvi99247
Cisco NX-OS Software Release
First Fixed Release for This Vulnerability
7.0(3)
9.2(1)
9.2
9.2(1)
Nexus 5500, 5600, and 6000 Series Switches: CSCvi99251
Cisco NX-OS Software Release
First Fixed Release for This Vulnerability
Prior to 7.3
7.3(4)N1(1)
7.3
7.3(4)N1(1)
Nexus 7000 and 7700 Series Switches: CSCvi99248
Cisco NX-OS Software Release
First Fixed Release for This Vulnerability
Prior to 6.2
6.2(22)
6.2
6.2(22)
7.2
7.3(3)D1(1)
7.3
7.3(3)D1(1)
8.0
8.2(3)
8.1
8.2(3)
8.2
8.2(3)
8.3
8.3(2)
UCS 6200, 6300, and 6400 Series Fabric Interconnects: CSCvi99252 and CSCvn11851
Cisco NX-OS Software Release
First Fixed Release for This Vulnerability
Prior to 4.0
4.0(1d)
4.0
4.0(1d)
Additional Resources
For help determining the best Cisco NX-OS Software release for a Cisco Nexus Switch, administrators can refer to the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance.
Cisco MDS Series SwitchesCisco Nexus 1000V for VMware SwitchCisco Nexus 3000 Series and 3500 Series SwitchesCisco Nexus 5000 Series SwitchesCisco Nexus 5500 Platform SwitchesCisco Nexus 6000 Series SwitchesCisco Nexus 7000 Series SwitchesCisco Nexus 9000 Series SwitchesCisco Nexus 9000 Series ACI-Mode Switches
For help determining the best Cisco NX-OS Software release for Cisco UCS, refer to the Recommended Releases documents in the release notes for the device.
Secure Your Website in 15 Minutes
[vc_row css=”.vc_custom_1619107488485{padding-top: 20px !important;padding-bottom: 5px !important;background-color: #1e73be !important;}”][vc_column][vc_row_inner][vc_column_inner][vc_column_text][/vc_column_text][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row css=”.vc_custom_1618908097174{background-color: #11213d !important;}”][vc_column][vc_column_text css_animation=”none” css=”.vc_custom_1618819492860{margin-top: px !important;padding-top: 30px !important;padding-right: 20px !important;padding-bottom: 30px
Prophaze WAF
[vc_row css=”.vc_custom_1619107488485{padding-top: 20px !important;padding-bottom: 5px !important;background-color: #1e73be !important;}”][vc_column][vc_row_inner][vc_column_inner][vc_column_text][/vc_column_text][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row css=”.vc_custom_1618908097174{background-color: #11213d !important;}”][vc_column][vc_column_text css_animation=”none” css=”.vc_custom_1618819492860{margin-top: px !important;padding-top: 30px !important;padding-right: 20px !important;padding-bottom: 30px
Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities
The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.Details about the vulnerabilities are as follows.
Cisco AnyConnect Secure Mobility Client for Windows Uninstall Executable Hijacking Vulnerability
A vulnerability in the uninstall process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.
This vulnerability exists because a temporary file with insecure permissions is created during the uninstall process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvv43102, CSCvv60844CVE ID(s): CVE-2021-1426Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Cisco AnyConnect Secure Mobility Client for Windows Upgrade DLL Hijacking Vulnerabilities
Two vulnerabilities in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device.
These vulnerabilities exist because the application loads a DLL file from a user-writable directory. An attacker could exploit these vulnerabilities by copying a malicious DLL file to a specific directory. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Bug ID(s): CSCvw16996, CSCvw17005CVE ID(s): CVE-2021-1427, CVE-2021-1428Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Cisco AnyConnect Secure Mobility Client for Windows Upgrade Executable Hijacking Vulnerability
A vulnerability in the install process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.
This vulnerability exists because a temporary file with insecure permissions is created during the upgrade process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvw18527CVE ID(s): CVE-2021-1429Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Cisco AnyConnect Secure Mobility Client for Windows Upgrade DLL Hijacking Vulnerability
A vulnerability in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device.
This vulnerability exists because a temporary file with insecure permissions is created during the upgrade process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvw18595CVE ID(s): CVE-2021-1430Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Cisco AnyConnect Secure Mobility Client for Windows Install Executable Hijacking Vulnerability
A vulnerability in the install process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.
This vulnerability exists because the application loads an executable file from a user-writable directory. An attacker could exploit this vulnerability by copying a malicious executable file to a specific directory, which would be executed when the application is installed or upgraded. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvu77671CVE ID(s): CVE-2021-1496Security Impact Rating (SIR): HighCVSS Base Score: 7.0CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Cisco SD-WAN vManage Software Vulnerabilities
The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.Several of the vulnerabilities below only impact Cisco SD-WAN vManage Software that is operating in a cluster. Customers can verify whether the software is operating in cluster mode by checking the Cisco SD-WAN vManage web-based management interface Administration > Cluster Management view. Customers should also refer to the Cisco SD-WAN Getting Started Guide chapter on Cluster Management.
Details about the vulnerabilities are as follows:
CVE-2021-1468: Cisco SD-WAN vManage Cluster Mode Unauthorized Message Processing Vulnerability
A vulnerability in a messaging service of Cisco SD-WAN vManage Software when operating in cluster mode could allow an unauthenticated, remote attacker to send unauthorized messages to the vulnerable application.
This vulnerability is due to improper authentication checks on user-supplied input to an application messaging service. An attacker could exploit this vulnerability by submitting crafted input to the service. A successful exploit could allow the attacker to call privileged actions within the affected system, including creating new administrative level user accounts.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvu28454CVE ID: CVE-2021-1468Security Impact Rating (SIR): CriticalCVSS Base Score: 9.8CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1505: Cisco SD-WAN vManage Cluster Mode Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to bypass authorization checking and gain elevated privileges within an affected system.
This vulnerability exists because the affected software does not perform authorization checks on certain operations. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain elevated privileges within the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvu28390CVE ID: CVE-2021-1505Security Impact Rating (SIR): CriticalCVSS Base Score: 9.1CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-1508: Cisco SD-WAN vManage Cluster Mode Unauthorized Access Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to bypass authorization checking and make application modifications that could allow the attacker to gain elevated privileges within an affected system. This vulnerability exists because the affected software does not perform authorization checks on certain operations. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain elevated privileges within the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE ID: CVE-2021-1508
Security Impact Rating (SIR): High
CVSS Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-1275: Cisco SD-WAN vManage Denial of Service Vulnerability
A vulnerability in an API of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected system.
The vulnerability is due to insufficient handling of API requests to the affected system. An attacker could exploit this vulnerability by sending a large amount of API requests to the affected system. A successful exploit could allow the attacker to cause a DoS condition on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvv67264CVE ID: CVE-2021-1275Security Impact Rating (SIR): HighCVSS Base Score: 7.5CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-1506: Cisco SD-WAN vManage Cluster Mode Unauthorized Services Access Vulnerability
A vulnerability in a service of Cisco SD-WAN vManage Software when operating in cluster mode could allow an authenticated, remote attacker to gain unauthorized access to services within an affected system. This vulnerability exists because the affected software does not perform authorization checks on service access. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to bypass authorization checks and gain unauthorized access to services within the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvu28402CVE ID: CVE-2021-1506Security Impact Rating (SIR): HighCVSS Base Score: 7.2CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
FAQ
FAQ Most frequent questions and answers Does it supports both SAAS and On premise deployment? Being developed on modern architecture
OWASP TOP 10
OWASP TOP 10 OWASP Top 10 Web Application Vulnerabilities’ Mitigation using Prophaze WAF Prophaze web application firewall (WAF) that protects
Google Cloud
Google Cloud Prophaze with GCP Cloud Platform Prophaze runs natively within Kubernetes Virtual Private Clouds on Google Cloud. It also
E-Commerce
E-Commerce Prophaze WAF Safeguard Customer Data and Prevent Cyberattacks Prophaze WAF can be easily configurable in either blacklist/whitelist approaches which
RASP
Runtime Application Self-Protection (RASP) Runtime Application Self-Protection (RASP) does protect itself from many vulnerabilities in the enterprise by identifying and blocking
Preparation Phase, Identification Phase and Analyze Phase
Preparation Phase The significance of adequately utilizing the preparation phase in respect of virtual patching can’t be overstated. Before dealing
PATCH MANAGEMENT
Patch Management is a strategic process of acquiring, testing, and installing updated software. But, most of the companies find themselves comply
Introduction to Virtual Patching
“Virtual Patching” is a term that was initially used by Intrusion Prevention System vendors many years ago. It is also
Vulnerability Assessment and Penetration Testing (VAPT)
Why would your Business need VAPT? It is very necessary to conduct a network security audit periodically to ensure the
WAF for Kubernetes – Fighting AI with AI
WAF for Kubernetes Unleash Your Online Potential with Our Innovative Web Solutions Prophaze meets the challenge head-on to successfully defend
tab 3
[vc_row][vc_column width=”1/3″][vc_column_text] Enterprise Let’s talk Over 1 M web requests per month. This plan is for enterprises with large scale
tab 1
[vc_row][vc_column width=”1/3″][vc_column_text] Free $0 / mo Up to 100,000 web requests per month. This plan is ideal for web developers,
TERMS OF SERVICE
TERMS OF SERVICE (SAAS) PROPHAZE INDIA PVT. LTD. AND/OR ITS AFFILIATES (“PROPHAZE”) IS WILLING TO GRANT ACCESS TO THE SAAS
About
About Us Introduction To Prophaze Prophaze is Redefining cloud security with an all-in-one solution that provides proactive and adaptive cybersecurity
Integrations
Integrations Streamline Your Security Infrastructure with Prophaze WAF Integration Prophaze web application firewall is designed to protect web applications from
Virtual Patching
Virtual Patching Prophaze WAF’s Mitigating Vulnerabilities in Web Applications Prophaze WAF’s virtual patching features in mitigating vulnerabilities of web applications.
Compliance
Compliance Ensuring Regulatory Compliances and Best Practices E-commerce, FinTech, Health Tech, and organizations that process PII and PHI data find
Why Prophaze?
Why Prophaze? Prophaze’s solutions are designed to protect their web applications and APIs against a variety of risks, including both