Cisco warns of four critical vulnerabilities

Cisco has issued security alerts for a series of four critical vulnerabilities in the company's Cisco UCS Director and UCS Director Express for Big Data packages.

The four vulnerabilities each have a severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System.

The authentication bypass vulnerabilities were found in the web-based management interface of the Cisco Integrated Management Controller, Cisco UCS Director and Cisco UCS Director Express for Big Data packages.

If exploited, they could allow unauthenticated, remote attackers to acquire valid session tokens with administrator privileges, bypassing user authentication, Cisco said.

Two of the vulnerabilities are due to insufficient request header validation during the authentication process, and allow attackers to take advantage of the bug by sending large volumes of malicious requests to an affected device.

A third is due to the presence of an undocumented default password for a documented user account, as well as incorrect permission settings for the account granting it the privileges of an scpuser account. This includes full read and write access to the system's database.

The final vulnerability is due to improper authentication request handling and can be exploited by sending crafted HTTP requests to affected devices.

There are no workarounds for three of the four vulnerabilities — only the one that involves the default password — but Cisco has released a patch addressing all four of these.

Cisco said its Product Security Incident Response Team is not aware of any instances of these vulnerabilities being exploited in the wild. They were uncovered during internal security testing.

Image credit: ©iStockphoto.com/Federico Caputo