Cisco Fixes Network Analysis Modules

Monday, June 6, 2016 @ 11:06 AM gHale

Cisco patched high severity and medium vulnerabilities in its Prime Network Analysis Module (NAM) products.

NAM products are part of Cisco’s cloud and system management offering. They enable administrators to optimize network resources and improve the delivery of applications and services.

Cisco Mitigates DoS Hole
Cisco Mitigates TelePresence, FirePOWER Holes
Six NTP Daemon Holes Patched
Rockwell, Cisco in DPI Pact

The product suffers from two high severity vulnerabilities.

One of them, CVE-2016-1370, allows a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted IPv6 packets on the network where the NAM is monitoring traffic.

The other, CVE-2016-1388, affects the product’s web interface. An attacker could exploit the flaw to remotely execute arbitrary commands on the underlying operating system via specially crafted HTTP requests. This vulnerability has been found to affect physical and virtual modules (vNAM).

Cisco’s NAM and vNAM products are have two medium severity issues. One of them is a command injection vulnerability, CVE-2016-1390, that allows a local, authenticated attacker to execute arbitrary commands on the host operating system. An attacker could manage to execute commands with root privileges by submitting specially crafted input.

The second medium severity issue, CVE-2016-1391, affects the web interface and allows a remote attacker to execute arbitrary commands or code by sending specially crafted HTTP requests to the targeted system. The vulnerability can only end up exploited by an authenticated attacker.

Cisco mitigated the flaws with the release of patches and security updates.