Monday, October 25, 2021

Cisco Systems, SonicWall and VMware issue important patches

Three of the biggest vendors of networking and data centre equipment – Cisco Systems, SonicWall and VMware – have issued security updates to fix serious vulnerabilities in their products.

IT administrators are urged to install these patches as soon as possible before threat actors develop exploits to take advantage of them.

Cisco

Cisco issued no fewer than 31 patches for products this week, many for its IOS XE operating system.

One of them, CVE-2021-34770, for the Catalyst 9000 Family Wireless Controllers, is rated critical.

“The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets,” Cisco’s advisory says. “An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.”

Vulnerable products include

–Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches

–Catalyst 9800 Series Wireless Controllers

–Catalyst 9800-CL Wireless Controllers for Cloud

–Embedded Wireless Controller on Catalyst Access Points.

SonicWall

SonicWall reported a critical arbitrary file delete vulnerability in its SMA 100 series appliances. These include the SMA 200, 210, 400, 410 and 500v devices.

The vulnerability (SNWLID-2021-0021 in SonicWall’s parlance, or CVE-2021-20034 ) is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as ‘nobody.’ As a result a remote attacker could obtain administrator access on the underlying host.

So far, SonicWall said, there is no evidence this vulnerability is being exploited in the wild. Still, it “strongly urges” administrators to immediately install the patch.

VMware

VMware issued an alert about vulnerabilities in vCenter Server 6.5, 6.7, and 7.0. “This needs your immediate attention,” technical marketing expert Bob Plankers said in a blog.

“These updates fix a critical security vulnerability, and your response needs to be considered at once,” he said. “Organizations that practice change management using the ITIL (Information Technology Infrastructure Library) definitions of change types would consider this an ’emergency change.’ All environments are different, have different tolerance for risk, and have different security controls & defense-in-depth to mitigate risk, so the decision on how to proceed is up to you. However, given the severity, we strongly recommend that you act.”

“The most urgent addresses CVE-2021-22005, a file upload vulnerability that can be used to execute commands and software on the vCenter Server Appliance. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.”

The other issues, he added, have lower CVSS scores but still may be usable to an attacker that is already inside your organization’s network.

 

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News