ngCERT - Nigerian Computer Emergency Response Team-ALERT AND WARNING UNIT
Security Advisory Vulnerability

Severity: High

Vulnerabilities in Cisco IOS XR and Cisco Jabber


Vulnerabilities in Cisco IOS XR and Cisco Jabber
Probability: High

Advisory ID: ngCERT-2016-0001
Version: 1.00
Probability: high
CVE ID:
CVE-2015-6409, CVE-2015-6432
(http://cve.mitre.org/cve/)

Damage:

high

Decrypt Network Traffic

Denial of Service

Publication Date: 05-JAN-2015
Affected Product(s): Cisco Jabber
Affected Plateform(s): Cisco IOS XR Software

Summary:

A vulnerability in Open Shortest Path First (OSPF) Link State Advertisement (LSA) handling by Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

A vulnerability in the Cisco Jabber client could allow an unauthenticated, remote attacker to perform a STARTTLS downgrade attack.

Consequences:

Denial of Service to Cisco IOS XR Software

Information leakage in Cisco Jabber

Description:

The vulnerability in Cisco IOS XR is due to the number of OSPF Path Computation Elements (PCEs) that are configured for an OSPF LSA opaque area update. An attacker could exploit this vulnerability by sending a crafted OSPF LSA update to an affected device that is running the vulnerable software and OSPF configuration. A successful exploit could allow the attacker to cause a DoS condition due to the OSPF process restarting when the crafted OSPF LSA update is received.

The vulnerability in Cisco Jabber exists because the client does not verify that an Extensible Messaging and Presence Protocol (XMPP) connection has been established with Transport Layer Security (TLS). An attacker could exploit this vulnerability by performing a man-in-the-middle attack to tamper with the XMPP connection and avoid TLS negotiation. A successful exploit could allow the attacker to cause the client to establish a cleartext XMPP connection.

Solution:

Cisco has released software updates that address both vulnerabilities.

However a workaround the for the Cisco IOS XR Vulnerability will be to verify that no more than 10 PCEs are configured in a single OSPF area.

To Get Updates Cisco Advises;

Customers with Service Contracts: Customers with contracts should obtain software through their regular update channels eg Through Software Navigator at http://www.cisco.com/cisco/software/navigator.html Customers Using Third-Party Support Organizations: The effectiveness of any workaround or fix depends on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Because of the variety of affected products and releases, customers should consult their service providers or support organizations to ensure that any applied workaround or fix is the most appropriate in the intended network before it is deployed.

Customers Without Service Contracts: obtain software patches and bug fixes by contacting the Cisco Technical Assistance Center (TAC): +32 2 704 5555 or e-mail: tac@cisco.com Visit http://www.cisco.com/c/en/us/support/web /tsd-cisco-worldwide-contacts.html for more contact information Customers should have the product serial number available and be prepared to provide the URL of the Cisco advisory ( usually in the hyperlinks section of this advisory) as evidence of entitlement to a software patch or bug fix.

Hyperlinks:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr
https://cert.gov.ng


image
Security Alert

& Advisory

Read More image
image
We Love to

Hear From You

Send Your Enquiry Here image
Join Our Newsletter