Three of the biggest vendors of networking and data centre equipment – Cisco Systems, SonicWall and VMware – have issued security updates to fix serious vulnerabilities in their products.
IT administrators are urged to install these patches as soon as possible before threat actors develop exploits to take advantage of them.
Cisco
Cisco issued no fewer than 31 patches for products this week, many for its IOS XE operating system.
One of them, CVE-2021-34770, for the Catalyst 9000 Family Wireless Controllers, is rated critical.
“The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets,” Cisco’s advisory says. “An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.”
Vulnerable products include
–Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
–Catalyst 9800 Series Wireless Controllers
–Catalyst 9800-CL Wireless Controllers for Cloud
–Embedded Wireless Controller on Catalyst Access Points.
SonicWall
SonicWall reported a critical arbitrary file delete vulnerability in its SMA 100 series appliances. These include the SMA 200, 210, 400, 410 and 500v devices.
The vulnerability (SNWLID-2021-0021 in SonicWall’s parlance, or CVE-2021-20034 ) is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as ‘nobody.’ As a result a remote attacker could obtain administrator access on the underlying host.
So far, SonicWall said, there is no evidence this vulnerability is being exploited in the wild. Still, it “strongly urges” administrators to immediately install the patch.
VMware
VMware issued an alert about vulnerabilities in vCenter Server 6.5, 6.7, and 7.0. “This needs your immediate attention,” technical marketing expert Bob Plankers said in a blog.
“These updates fix a critical security vulnerability, and your response needs to be considered at once,” he said. “Organizations that practice change management using the ITIL (Information Technology Infrastructure Library) definitions of change types would consider this an ’emergency change.’ All environments are different, have different tolerance for risk, and have different security controls & defense-in-depth to mitigate risk, so the decision on how to proceed is up to you. However, given the severity, we strongly recommend that you act.”
“The most urgent addresses CVE-2021-22005, a file upload vulnerability that can be used to execute commands and software on the vCenter Server Appliance. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.”
The other issues, he added, have lower CVSS scores but still may be usable to an attacker that is already inside your organization’s network.