
Cisco has initiated a mass security audit of all its products that incorporate a version of the Apache Struts framework, recently affected by a series of vulnerabilities, one of which is under active exploitation.

Cisco engineers will test all the software products for four Apache Struts security bugs disclosed last week.

Cisco reviewing products for four Struts flaws

The company is keeping a list of To-Be-Tested, Vulnerable, and Confirmed Not Vulnerable products in two security advisories.

The first Cisco security advisory is for a Struts security announcement issued on September 5 that accompanied the release of Apache Struts 2.5.13, which fixed three flaws: CVE-2017-9804, CVE-2017-9805, and CVE-2017-9793.

The second Cisco advisory is for Struts 2.3.34, released on September 7, which patched CVE-2017-12611, a Struts remote code execution flaw that grants attackers control over remote servers.

One Struts flaw under active attacks

Of these four vulnerabilities, CVE-2017-9805 is the only one rated critical due to its severity and relative ease of exploitation.

Exploit code has been published for CVE-2017-9805 and CVE-2017-12611. Cisco's Talos security division, along with Imperva, has reported in-the-wild attacks against CVE-2017-9805.

"To date, our systems have successfully blocked thousands of attacks from all over the world with China, as usual in Apache Struts vulnerabilities, identified as the most prominent source of attacks," Nadav Avital, Imperva security researcher, noted last week.

Cisco reviewing some of its major software products

As Cisco's investigation progresses, the company has promised patches that integrate the Struts updates into its proprietary technology.

Some of the best-known software products Cisco is reviewing include the WebEx Meetings Server, the Data Center Network Manager, Identity Services Engine (ISE), several Cisco Prime products, and some products for video and streaming services.

Apache Struts is an open-source MVC framework coded in Java that is often used to build complex products such as servers and enterprise applications. An estimated 65% of Fortune 100 companies use Struts for their infrastructure.

Earlier this year, researchers discovered an Apache Struts zero-day used in live attacks that was later used to install ransomware on corporate servers. This flaw, CVE-2017-5638, is not included in the recent Cisco security audits.

Some experts believe CVE-2017-5638 is also the vulnerability hackers exploited to breach financial firm Equifax, although the company never officially confirmed this rumor.