Cybersafety: NCC-CSIRT issues advisory on exposure to multiple vulnerabilities in Cisco products

*The Nigerian Communications Commission’s Computer Security Incident Response Team says its advisory recommends applying the appropriate software updates available from the vendor Web site, in view of multiple vulnerabilities identified in certain Cisco products.

Gbenga Kayode | ConsumerConnect

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued an advisory for users to frequently review alerts for Cisco products to assess their exposure and find a comprehensive update solution.

Mr. Reuben Muoka, Director of Public Affairs at NCC, stated on Friday, November 4, 2022, that the advisory followed the identification of multiple vulnerabilities in Cisco products, especially the Cisco AnyConnect Secure Mobility Client for Windows, which enables employees to access company servers from anywhere without compromising security. The advisory also recommended using the appropriate software updates that are accessible from the vendor Web site.

The advisory also noted that the two vulnerabilities made it possible for a remote attacker’s exploit to trigger remote code execution and data manipulation on the targeted system.

The NCC-CSIRT stated: “The weaknesses in the product include uncontrolled search path and Dynamic Link Library (DLL) hijacking vulnerabilities.

“The uncontrolled search path vulnerability results from incorrect handling of directory paths.

“A directory path is a string of characters used to uniquely identify a location in a folder structure.”

The advisory also said: “This flaw could be exploited by an attacker by generating a malicious file and copying it to a system directory (folder).

“An exploit could enable the attacker to copy malicious files with system-level privileges to any location.

“The attacker needs legitimate Windows system credentials to exploit this vulnerability.”

It further noted: “To exploit the DLL hijacking vulnerability, the attacker would also need to have valid credentials on the Windows system.

“The vulnerability was caused by the device’s inadequate run-time resource validation.

“By sending the AnyConnect process a specially designed IPC message, an attacker might take advantage of this vulnerability.”

The advisory, therefore, rated the vulnerability high in impact and probability against consumers of the company’s products.

The CSIRT is the telecoms sector’s cybersecurity incident centre, set up by the telecoms sector regulator to focus on incidents in the industry as they may affect telecoms consumers and citizens at large.

The Team also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, problems, or related events.
