Cisco IPICS Bug Could Allow Attackers to take down 911 Services or Fire-EMS-Police Dispatch (CVE-2016-6397)

thezootsewt / November 4, 2016 / Cyber Defense, Government, Public Works and Infrastructure, Uncategorized

You arrive at the scene of a major car accident and attempt to call 9-1-1 to request an ambulance and police assistance… except your call doesn’t go through. Even if it did, the dispatch system could be down, leaving 9-1-1 operators unable to communicate with police, fire, and EMS. If this sounds like a bad scenario – it is! And it is growing more likely given the cyber security vulnerability announcement from Cisco this week.

The Cisco IPICS software is at the core of many local emergency services, tying together phones, radios, and other communications devices.  This week, Cisco announced that the IPICS system is vulnerable to an attacker making unauthenticated and unauthorized changes.  The bug is categorized as critical, and for good reason!  It might be good to make a call to your local emergency management center to inquire if they have installed the latest patch to resolve this vulnerability.  Another similar bug in IPICS (CVE-2016-6430) affects the command line interface, and “could allow an authenticated, local attacker to elevate the privilege level associated with their session.”

In recent days Cisco has disclosed numerous vulnerabilities that require close attention from all organizations running Cisco equipment and software. Here are a few of the Critical vulnerabilities.

CVE-2016-6441 – Cisco ASR 9000 series routers. Vulnerability “could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system.”

CVE-2016-6452 – Cisco Prime Home.   “A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.”

CVE-2016-6447 – Cisco Meeting Server and Meeting App. “could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.”

CVE-2016-6448 – Cisco Meeting Server. “Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.”

Multiple other vulnerabilities were disclosed as well, but ranked slightly lower in severity. A lower severity rating doesn’t mean that network admins and organizations should be lax about patching their software. All of these vulnerabilities are serious and could negatively impact the operation of an organization. Happy patching!
