Hello,

On April 20th, Cisco released multiple advisories detailing security vulnerabilities that affect a wide range of their products, including ASA firewall, Unified Communications Manager (CUCM), WLC and more. The vulnerabilities, if exploited, would allow an attacker to launch a denial-of-service (DoS) attack on the device, possibly resulting in service disruption.

The vulnerability details and remedies are listed below.

It is advised that you check whether any component of your network is affected and, if so, patch it as soon as possible to prevent a potential breach.

libSRTP DoS Vulnerability (CVE-2015-6360):

The vulnerability is in the encryption processing subsystem of libSRTP, a Secure Real-Time Transport Protocol (SRTP) library. It could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device.
Cisco released version 1.5.3 of libSRTP to address this issue, which affects multiple products (including ASA, CUCM and IOS XE).

| Category | Product | BugID | Fixed Release |
|---|---|---|---|
| Collaboration and Social Media | Cisco WebEx Meetings Server versions 1.x | CSCux00729 | |
| Collaboration and Social Media | Cisco WebEx Meetings Server versions 2.x | CSCux00729 | 2.6.1 and 2.7 (June 2016) |
| Endpoint Clients and Client Software | Cisco Jabber | CSCux00711 | 11.6 |
| Network and Content Security Devices | Cisco Adaptive Security Appliance (ASA) Software | CSCux00686 | 8.4.7.31, 9.1.7, 9.2.4.6, 9.3.3.8 |
| Routing and Switching - Enterprise and Service Provider | Cisco IOS XE Software | CSCux04317 | 3.14.3S, 3.13.5S, 3.16.2S, 3.10.7S, 3.17.1S, 3.15.3S |
| Voice and Unified Communications Devices | Cisco IP Phone 88x1 Series | CSCux00708 | 11.0(1) |
| Voice and Unified Communications Devices | Cisco DX Series IP Phones | CSCux00697 | 10.2(5) |
| Voice and Unified Communications Devices | Cisco IP Phone 88x5 Series | CSCux00748 | 11.0(1) |
| Voice and Unified Communications Devices | Cisco Unified 7800 Series IP Phones | CSCux00742 | 11.0(1) |
| Voice and Unified Communications Devices | Cisco Unified 8831 Series IP Conference Phone | CSCux01782 | |
| Voice and Unified Communications Devices | Cisco Unified 8961 IP Phone | CSCux00707 | 9.4(2)SR3 (August 2016) |
| Voice and Unified Communications Devices | Cisco Unified 9951 IP Phone | CSCux00707 | 9.4(2)SR3 (August 2016) |
| Voice and Unified Communications Devices | Cisco Unified 9971 IP Phone | CSCux00707 | 9.4(2)SR3 (August 2016) |
| Voice and Unified Communications Devices | Cisco Unified Communications Manager (UCM) | CSCux00716 | 10.5(2)SU3 |
| Voice and Unified Communications Devices | Cisco Unified Communications Manager Session Management Edition (SME) | CSCux00716 | 10.5(2)SU3 |
| Voice and Unified Communications Devices | Cisco Unified IP Phone 7900 Series | CSCux00745 | 9.4(2)SR2 |
| Voice and Unified Communications Devices | Cisco Unified IP Phone 8941 and 8945 (SIP) | CSCux01786 | |
| Voice and Unified Communications Devices | Cisco Unified Wireless IP Phone | CSCux37802 | 1.4.8.4 |
| Voice and Unified Communications Devices | Cisco Unity Connection (UC) | CSCux35568 | 10.5(2)SU3 |

ASA DHCPv6 Relay DoS Vulnerability (CVE-2016-1367):

A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition.

| Product | BugID | Affected Versions | Condition | Fixed Release |
|---|---|---|---|---|
| ASA 5500-X Series | CSCus23248 | 9.4.1 | DHCPv6 relay feature is configured (see example below) | 9.4(1.1), 9.4(2), 9.5(1), 9.5(2) |
| ASA Services Module for Catalyst 6500 and 7600 Routers | | | | |
| Cisco Adaptive Security Virtual Appliance (ASAv) | | | | |

Example:

    asa# show running-config ipv6 dhcprelay
    ipv6 dhcprelay enable outside

WLC Multiple DoS Vulnerabilities

CVE-2016-1363: WLC HTTP Parsing DoS Vulnerability

The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition.

CVE-2016-1364: WLC Bonjour Task Manager DoS Vulnerability

A vulnerability in the Bonjour task manager of WLC could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software.

CVE-2016-1362: WLC Management Interface DoS Vulnerability

The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software.
An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface.

| Product | Vulnerability | CVE | BugID | Major Release | First Fixed Release for this Vulnerability | First Fixed Release for all 3 WLC Vulnerabilities |
|---|---|---|---|---|---|---|
| WLC | HTTP Parsing DoS | CVE-2016-1363 | CSCus25617 | pre-7.2 | not affected | - |
| | | | | 7.2 | 8.0.132.0 | 8.0.132.0 |
| | | | | 7.3 | 8.0.132.0 | |
| | | | | 7.4 | 7.4.140.0(MD) | |
| | | | | 7.5 | 8.0.132.0 | |
| | | | | 7.6 | 8.0.132.0 | |
| | | | | 8.0 | 8.0.115.0(ED) | |
| | | | | 8.1 and later | not affected | - |
| | WLC Bonjour Task Manager DoS | CVE-2016-1364 | CSCur66908 | pre-7.4 | not affected | 8.0.132.0 |
| | | | | 7.4 | 7.4.130.0(MD) | |
| | | | | 7.5 | 8.0.132.0 | |
| | | | | 7.6 | 8.0.132.0 | |
| | | | | 8.0 | 8.0.110.0 | |
| | | | | 8.1 and later | not affected | - |
| | Management Interface DoS | CVE-2016-1362 | CSCun86747 | 4.x | 8.0.132.0 | 8.0.132.0 |
| | | | | 5.x | | |
| | | | | 6.5 | | |
| | | | | 7.0 | | |
| | | | | 7.1 | | |
| | | | | 7.2 | | |
| | | | | 7.3 | | |
| | | | | 7.4 | 7.4.130(MD) | |
| | | | | 7.5 | 8.0.132.0 | |
| | | | | 7.6 | 7.6.120.0 | |
| | | | | 8.0 and later | not affected | - |

--
Elie Bassil
linkedin.com/in/eliebassil

Sources:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos
http://www.unixmen.com/wp-content/uploads/2015/10/DoS.jpg
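
The exposure check for the ASA DHCPv6 relay issue (CVE-2016-1367) combines two facts from the advisory above: the software version and whether "ipv6 dhcprelay enable" is configured. The script below is an added example, not part of the original post or any Cisco tooling; the host names and captured outputs are constructed, and treating 9.4(1.1) and 9.4(1)1 as the same build is an assumption.

```python
import re

# From the DHCPv6 relay table on this page (CVE-2016-1367, CSCus23248).
AFFECTED = {(9, 4, 1, 0)}  # 9.4.1
FIXED = {(9, 4, 1, 1), (9, 4, 2, 0), (9, 5, 1, 0), (9, 5, 2, 0)}

# Assumption: the interim build may be written 9.4(1.1) or 9.4(1)1.
VERSION_RE = re.compile(r"Software Version (\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)(\d+)?")
# Anchored at line start so the echoed "asa# show ..." command line
# is not mistaken for the feature being enabled.
RELAY_RE = re.compile(r"^\s*ipv6 dhcprelay enable (\S+)", re.MULTILINE)

def parse_version(text):
    """Return (major, minor, maintenance, interim), or None if not found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, maint, dotted, trailing = m.groups()
    return int(major), int(minor), int(maint), int(dotted or trailing or 0)

def assess(text):
    """Classify one device capture as (status, relay-enabled interfaces)."""
    version = parse_version(text)
    ifaces = RELAY_RE.findall(text)
    if version is None:
        return "unknown-version", ifaces
    if version in AFFECTED:
        return ("exposed" if ifaces else "affected-version-relay-off"), ifaces
    if version in FIXED:
        return "fixed", ifaces
    return "version-not-listed", ifaces  # not covered by the table above

# Constructed captures: `show version` banner plus the relay config output.
BANNER = "Cisco Adaptive Security Appliance Software Version "
SAMPLES = {
    "fw-edge-01": BANNER + "9.4(1)\nasa# show running-config ipv6 dhcprelay\n"
                  "ipv6 dhcprelay enable outside\n",
    "fw-core-02": BANNER + "9.4(1)\nasa# show running-config ipv6 dhcprelay\n",
    "fw-dmz-03": BANNER + "9.4(1)1\nipv6 dhcprelay enable outside\n",
    "fw-lab-04": BANNER + "9.1(7)4\n",
}

def audit(samples):
    return {host: assess(text) for host, text in samples.items()}

if __name__ == "__main__":
    for host, (status, ifaces) in sorted(audit(SAMPLES).items()):
        print(f"{host}: {status} {ifaces}")
```

Devices reported as "version-not-listed" run a release the table above does not mention and need to be checked against Cisco's advisory directly.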