Advisories

1.0 Introduction

On May 3, 2023, Cisco released an advisory to address a critical vulnerability in the web-based management system of the Cisco SPA112 2-Port Phone Adapters. The vulnerability is tracked as CVE-2023-20126 and has a CVSS score of 9.8.

2.0 Impact
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters
could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges.

There are currently no reports yet of an active exploitation of this vulnerability.

3.0 Affected Products
This vulnerability affects all firmware releases for Cisco SPA112 2-Port Phone Adapters.

Moreover, Cisco has not released and will not release firmware updates to address the vulnerability, because Cisco SPA112 2-Port Phone Adapters have entered the end of-life process and are no longer supported.

4.0 Recommendations
MyCERT encourage constituents to discontinue using the product, as well as verify if any other similar – possibly also no longer supported – products are in use.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

• https://cert.europa.eu/static/security-advisories/CERT-EU-SA2023-026.pdf
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
• https://www.bleepingcomputer.com/news/security/cisco-phone-adapters-vulnerable-to-rce-attacks-no-fix-available/

1.0 Introduction

Recently, Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling Labs, StarOS Software, and BroadbandWorks Network Server.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

• Industrial Network Director (IND) 
• Modeling Labs
• StarOS Software
• BroadbandWorks Network Server.

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.

• Industrial Network Director cisco-sa-ind-CAeLFk6V : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V
• Modeling Labs cisco-sa-cml-auth-bypass-4fUCCeG5 : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-auth-bypass-4fUCCeG5
• IOS and IOS XE cisco-sa-20170629-snmp : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
• StarOS cisco-sa-staros-ssh-privesc-BmWeJC3h : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h
• BroadWorks Network Server cisco-sa-bw-tcp-dos-KEdJCxLs : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-tcp-dos-KEdJCxLs

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
https://www.cisa.gov/news-events/alerts/2023/04/21/cisco-releases-security-advisories-multiple-products

1.0 Introduction

Recently, Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series. 

2.0 Impact
A remote attacker could exploit this vulnerability to cause a denial-of-service condition. A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.

This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

3.0 Affected Products

• IP Phone 8800 Series (except Cisco Wireless IP Phone 8821)
• IP Phone 7800 Series

4.0 Recommendations
MyCERT encourages users and administrators to review Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability and apply the necessary updates.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
• https://www.cisa.gov/uscert/ncas/current-activity/2022/12/09/cisco-releases-security-advisory-ip-phone-7800-and-8800-series

1.0 Introduction

Recently, Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE).

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files.

3.0 Affected Products
Cisco Identity Services Engine (ISE)

4.0 Recommendations
For updates addressing vulnerabilities, see the Cisco Security Advisories page.   

MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:

• Cisco Identity Services Engine Insufficient Access Control Vulnerability
• Cisco Identity Services Engine Cross-Site Scripting Vulnerability

Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/16/cisco-releases-security-updates-identity-services-engine

1.0 Introduction

Recently, Cisco has released security updates to address vulnerabilities in multiple Cisco products.

2.0 Impact
A remote attacker could exploit?some?of these vulnerabilities to take control of an affected system.

3.0 Affected Products
•    Cisco Adaptive Security Appliance Software
•    Cisco Secure Firewall 3100 Series
•    Cisco Firepower Threat Defense Software
•    Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:

•    Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Client Denial of Service Vulnerability cisco-sa-ssl-client-dos-cCrQPkA
•    Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability cisco-sa-fw3100-secure-boot-5M8mUh26
•    Cisco Firepower Threat Defense Software Generic Routing Encapsulation Denial of Service Vulnerability cisco-sa-ftd-gre-dos-hmedHQPM
•    Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software SNMP Default Credential Vulnerability cisco-sa-fmcsfr-snmp-access-6gqgtJ4S
•    Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability cisco-sa-fmc-dos-OwEunWJN
•    Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability cisco-sa-asaftd-snmp-dos-qsqBNM6x
•    Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability cisco-sa-theseasa-ftd-dap-dos-GhYZBxDU

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/10/cisco-releases-security-updates-multiple-products

1.0 Introduction
Recently, Cisco has released security updates for vulnerabilities affecting multiple products.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Cisco is investigating its product line to determine which products and cloud services may be affected by these vulnerabilities. If a product or cloud offer is not explicitly listed in the advisory, it is not vulnerable.

4.0 Recommendations
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page

MyCERT encourages users and administrators to review the advisories and apply the necessary updates.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

• https://www.cisa.gov/uscert/ncas/current-activity/2022/11/03/cisco-releases-security-updates-multiple-products
• https://tools.cisco.com/security/center/publicationListing.x

1.0 Introduction
Recently, Cisco has released security updates for vulnerabilities affecting multiple products.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Multiple Cisco Routers, Switches and Access Points are known to be affected. 

4.0 Recommendations
Users and administrators are advised to review the advisories and apply the necessary updates.

Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

• https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisco-releases-security-updates-multiple-products
• https://tools.cisco.com/security/center/publicationListing.x
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX#vp
   

1.0 Introduction
Recently, Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system. 

3.0 Affected Products
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco SD-WAN vManage Software.

4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform the necessary update. Kindly refer to the below URL:

Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs

Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/09/08/cisco-releases-security-updates-multiple-products
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8
• https://tools.cisco.com/security/center/publicationListing.x
 

1.0 Introduction
Recently, Cisco has released security updates for vulnerabilities affecting ACI Multi-Site Orchestrator, FXOS, and NX-OS software. 

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system. 

3.0 Affected Product
The affected Cisco product are ACI Multi-Site Orchestrator, FXOS, and NX-OS software

4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform the necessary update. Kindly refer to the below URL:

• ACI Multi-Site Orchestrator
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs

• FXOS
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9

• NX-OS
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/08/25/cisco-releases-security-updates-multiple-products
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu
• https://tools.cisco.com/security/center/publicationListing.x
 

1.0 Introduction

MyCERT received many inquiries on the safety and security aspects of video tele-conferencing (VTC) platforms such as Zoom, Microsoft Teams, Cisco Webex and several others. Ever since the Movement Control Order (MCO) was announced, many organizations and individuals shifted to VTC tools to communicate, conduct online classes and for business transactions.

Most VTC providers already enhanced their applications according to security reports as evaluated by security practitioners. It is user’s responsibility to choose a secure and safe VTC platform for web conferencing. As a precaution, MyCERT recommend the following general guidelines when using VTC.

2.0 Security Guidelines

A. All VTC User

1. Use the latest version of VTC and security software
   • Only download software from its official website or official app store.
   • Update regularly the software to its latest version.
   • Update operating system and security software on desktop computers, mobile devices, frequently.

2. Never share confidential information during a meeting
   • Avoid discussing any confidential information to prevent leakage.
   • Enable non-recordable videos and audios, and limit file sharing.

3. Protect VTC account and watch for suspicious account activity
   • Create a strong password for the account.
   • If something is suspicious, log out from clients VTC. If you lost your computer or mobile phone, log out from all clients immediately and change your login password.
   • Do not share or publish the conference ID and URL sent by the organizer
   • Log out from the application when you finish the meeting.

B. Unit hosting the Meeting

1. Protect meeting privacy and prevent illegal intruders
   • Share the meeting ID and website only with intended participants. Never share it on social media or public online platforms
   • Create a high-intensity meeting password and send the meeting URL to participants separately
   • Use the pre-registration function to monitor list of participants
   • Disable "Join before Host" option to ensure the host is present before other participants join the meeting. This enables the host to identify participants in advance
   • Utilize the waiting room function to monitor participants log in
   • Lock the meeting immediately after all participants join the meeting
   • Enable the sharing screen to "Only Host" and when necessary only, enable this function to participants
2. Monitoring meeting
   • Use another device to log in as participant
   • Monitor any inappropriate content shared by participants, remove inappropriate information and unidentified participant
   • Ensure all participants to log out before the main host end the session.
3. Ensure participants safety and privacy during video conference
   • Notify all participants in advance if recording is required
   • If the recording contains sensitive information, do not save it in the cloud. Save the recording on a personal computer, with restricted access and sharing
4. Secure your account Personal Meeting ID
   • This ID can be linked to your VTC account for personal use only
   • Do not share this ID or use it in general meetings
5. Develop security policy for web conferences
   • Organization is advised to develop security policy for employees to follow when hosting and participating in online meetings
   • This policy should include VTC usage and safety guidelines

For additional references, the following websites also provide detailed guidelines on Online Video Tele-conferencing:

• https://www.us-cert.gov/ncas/current-activity/2020/04/02/fbi-releases-guidance-defending-against-vtc-hijacking-and-zoom
• https://www.bleepingcomputer.com/news/software/how-to-secure-your-zoom-meetings-from-zoom-bombing-attacks/
• https://www.forbes.com/sites/kateoflahertyuk/2020/04/03/use-zoom-here-are-7-essential-steps-you-can-take-to-secure-it/#3757da2a7ae1
• https://zoom.us/security
• https://docs.microsoft.com/en-us/microsoftteams/security-compliance-overview
• https://help.webex.com/en-us/8zi8tq/Cisco-Webex-Best-Practices-for-Secure-Meetings-Hosts
• https://help.webex.com/en-us/v5rgi1/Cisco-Webex-Best-Practices-for-Secure-Meetings-Site-Administration

In general, MyCERT advise all users and administrators of Online Video Tele-conferencing to follow latest security announcements by the vendor and adhere to security policies, according to best practices, to determine applicable updates.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 - 8008 7000 (Office Hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my