CVE-2021-1616: Cisco Security Advisory: Cisco IOS XE Software H.323 Application Level Gateway Bypass Vulnerability
A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. Note: This vulnerability has been publicly discussed as NAT Slipstreaming.
At the time of publication, this vulnerability affected Cisco devices if they were running a vulnerable release of Cisco IOS XE Software, were configured for NAT, and had the H.323 ALG enabled. The H.323 ALG is enabled by default when NAT is configured.
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
Determine Whether a Device is Configured to Perform NAT
Administrators can determine whether NAT is active on the device (preferred) or whether NAT commands are present in the device configuration.
Determine Whether NAT is Active
To determine whether NAT is active on a device, log in to the device and issue the show ip nat statistics command in the CLI. If NAT is active, the Outside interfaces and Inside interfaces sections of the command output will include at least one interface.
The following example shows the output of the show ip nat statistics command for a device on which NAT is active:
Router# show ip nat statistics
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Outside interfaces:
GigabitEthernet0/0/3
Inside interfaces:
GigabitEthernet0/0/1
If the output of the show ip nat statistics command does not list any interfaces, NAT is not active on the device.
Determine Whether NAT Commands are Present
To determine whether NAT commands are present in the device configuration, issue the show running-config command in the CLI. If NAT is configured on the device, the output will include the ip nat inside and ip nat outside interface commands. If the NAT Virtual Interface (NVI) feature is used instead, the ip nat enable interface command will be present.
Determine Whether H.323 ALG is Disabled in the NAT Configuration
To determine whether the H.323 ALG is disabled in the NAT configuration, use the show running-config | include ip nat service H225 privileged EXEC command. The presence of no ip nat service H225 indicates that the H.323 ALG is disabled in the NAT configuration.
The following example shows the output of show running-config | include ip nat service H225 in Cisco IOS XE Software that has the H.323 ALG disabled in the NAT configuration:
Router#show running-config | include ip nat service H225
no ip nat service H225
If no ip nat service H225 does not appear in the output of show running-config | include ip nat service H225, and the device runs an affected version of Cisco IOS XE Software with NAT enabled, that configuration is affected by this vulnerability.
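The two checks above (NAT active per show ip nat statistics, and no ip nat service H225 present in the running configuration) are easy to apply to saved CLI output across a fleet. The following script is an added example, not Cisco tooling from this advisory: it parses captured output of the two commands and reports whether a device matches the affected configuration. The sample outputs are constructed to mirror the advisory's examples, the function names are the author's own, and whether the running release is fixed must be supplied by the caller from the Fixed Software section, since that cannot be derived from these two commands.

```python
"""Offline check for the affected configuration described in this advisory:
NAT in use and the H.323 ALG not disabled.  Example code added to this page;
not Cisco's tooling.  Feed it captured CLI output (e.g. from a config backup)."""
import re

# Constructed sample outputs modelled on the advisory's examples (not captured
# from a real device).
SAMPLE_NAT_STATS_ACTIVE = """\
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Outside interfaces:
  GigabitEthernet0/0/3
Inside interfaces:
  GigabitEthernet0/0/1
Hits: 1234  Misses: 0
"""

SAMPLE_NAT_STATS_INACTIVE = """\
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Inside interfaces:
Hits: 0  Misses: 0
"""

SAMPLE_CONFIG_ALG_DISABLED = """\
interface GigabitEthernet0/0/1
 ip nat inside
interface GigabitEthernet0/0/3
 ip nat outside
no ip nat service H225
"""

SAMPLE_CONFIG_ALG_DEFAULT = """\
interface GigabitEthernet0/0/1
 ip nat inside
interface GigabitEthernet0/0/3
 ip nat outside
"""

SAMPLE_CONFIG_NO_NAT = """\
interface GigabitEthernet0/0/1
 ip address 192.0.2.1 255.255.255.0
"""


def nat_interfaces(stats_output):
    """Return (outside, inside) interface lists from 'show ip nat statistics'.

    Interfaces may appear indented on following lines or, on some releases,
    comma-separated on the header line itself; both forms are handled.  The
    next statistic line (one containing a colon) ends a section."""
    sections = {"outside": [], "inside": []}
    current = None
    for raw in stats_output.splitlines():
        line = raw.strip()
        m = re.match(r"(Outside|Inside) interfaces:\s*(.*)$", line)
        if m:
            current = sections[m.group(1).lower()]
            current.extend(x for x in re.split(r"[,\s]+", m.group(2)) if x)
            continue
        if current is not None:
            if not line or ":" in line:
                current = None
            else:
                current.extend(x for x in re.split(r"[,\s]+", line) if x)
    return sections["outside"], sections["inside"]


def nat_active(stats_output):
    """The advisory's preferred test: NAT is active if at least one inside
    or outside interface is listed."""
    outside, inside = nat_interfaces(stats_output)
    return bool(outside or inside)


def nat_configured(running_config):
    """The configuration test: 'ip nat inside'/'ip nat outside' (classic NAT)
    or 'ip nat enable' (NAT Virtual Interface) present on an interface."""
    return re.search(r"^\s*ip nat (inside|outside|enable)\s*$",
                     running_config, re.MULTILINE) is not None


def h323_alg_disabled(running_config):
    """True if 'no ip nat service H225' appears, i.e. the H.323 ALG is disabled."""
    return re.search(r"^\s*no ip nat service H225\s*$",
                     running_config, re.IGNORECASE | re.MULTILINE) is not None


def assess(stats_output, running_config, release_is_vulnerable=True):
    """Combine the checks.  'release_is_vulnerable' is a caller-supplied flag
    taken from the advisory's Fixed Software section.  A device whose config
    carries NAT commands is treated as NAT-in-use even if no translations are
    active right now (conservative choice for an audit)."""
    if not release_is_vulnerable:
        return "not affected: fixed release"
    if not (nat_active(stats_output) or nat_configured(running_config)):
        return "not affected: NAT not in use"
    if h323_alg_disabled(running_config):
        return "not affected: H.323 ALG disabled"
    return "affected: NAT in use with H.323 ALG enabled"


if __name__ == "__main__":
    print(assess(SAMPLE_NAT_STATS_ACTIVE, SAMPLE_CONFIG_ALG_DEFAULT))
    print(assess(SAMPLE_NAT_STATS_ACTIVE, SAMPLE_CONFIG_ALG_DISABLED))
    print(assess(SAMPLE_NAT_STATS_INACTIVE, SAMPLE_CONFIG_NO_NAT))
```

Because the H.323 ALG is on by default whenever NAT is configured, the absence of the no ip nat service H225 line is what marks a NAT device as affected; the script therefore only reports "not affected" when that line is present, NAT is absent, or the caller states the release is fixed.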
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
- IOS Software
- IOS XR Software
- Meraki products
- NX-OS Software