According to a 20 September US-CERT security alert, the three bugs consist of a privilege escalation vulnerability in the Unified Customer Voice Portal (CVP), and DoS bugs in the Email Security Application and various Small Business Managed Switches.
The CVP bug (CVE-2017-12214) resides specifically within the product's Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality, and is the result of improper input validation. A Cisco security advisory reports that attackers can exploit this flaw to gain administrator privileges "by authenticating to the OAMP and sending a crafted HTTP request." Version 11.6 of the portal software fixes this problem.
The DoS flaw in the Email Security Application (CVE-2017-12215) is due to improper input validation by the AsyncOS operating system's message filtering feature. Unauthenticated, remote attackers can exploit this bug using email attachments that contain corrupted fields designed to trigger the erroneous validation. Consequently, the device runs out of memory, causing the filtering process to repeatedly crash. A Cisco security advisory reports that version 9.7.2-065 resolves this problem.
Finally, the DoS vulnerability in Cisco's Small Business Managed Switches (CVE-2017-6720) is found in the Secure Shell (SSH) subsystem of the following products:
- Cisco Small Business 300 Series Managed Switches
- Cisco Small Business 500 Series Stackable Managed Switches
- Cisco 350 Series Managed Switches
- Cisco 350X Series Stackable Managed Switches
- Cisco 550X Series Stackable Managed Switches
- Cisco ESW2 Series Advanced Switches
A Cisco advisory reports that the flaw results from the improper processing of SSH connections, and that authenticated remote attackers can trigger a DoS condition by "logging in to an affected switch via SSH and sending a malicious SSH message," causing a reload of the affected switch. The affected switch products listed above are fixed with the release of either version 1.4.8.06 or version 18.104.22.168.