Multiple critical Cisco IOS / IOS XE software vulnerabilities

Advisory: CERT.be Advisory #2018-008
Version: 1.0
Reference: CVE-2018-0150 / CVE-2018-0151 / CVE-2018-0171
CVSS: 9.8, 9.8, 9.8
Affected software: Cisco IOS & IOS XE
Type: Unauthorized access, Denial of Service / arbitrary code execution

Sources

https://tools.cisco.com/security/center/publicationListing.x

Risks

CERT.be recommends systems administrators to install the latest updates to the Cisco IOS and IOS XE software. The vulnerabilities, tracked as CVE-2018-0150,CVE-2018-0151,CVE-2018-0171 have following risks : Unauthorized remote access (CVE-2018-0150), Denial of Service and arbitrary code execution (CVE-2018-0151 & CVE-2018-0171)

Summary

CVE-2018-0150: Static Credential

There is an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access.

CVE-2018-0151: QOS Remote Code Execution

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur.

CVE-2018-0171: Smart Install Remote Code Execution Vulnerability

The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:
• Triggering a reload of the device
• Allowing the attacker to execute arbitrary code on the device
• Causing an indefinite loop on the affected device that triggers a watchdog crash

Recommend action

Verify if your version of IOS or IOS XE is vulnerable for instance by using Cisco IOS Software Checker and patch the affected systems. (Link provided in the below information)

Linked information

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/softwarechecker.x