Apache Struts 2, CVE-2017-9805 and Cisco

Posted by John Marrett on Sep 6, 2017 11:37:05 AM


On September 5th, a critical vulnerability affecting the Apache Struts 2 framework was made public with the release of an updated version, 2.5.13.

There is already publicly available exploit code for Metasploit circulating for this vulnerability (be careful if you use this code: we can't vouch for its security, and early-release exploit code sometimes targets the user).

Impact of CVE-2017-9805 on Cisco Products (UPDATED Sep. 08)

In their analysis, Cisco has confirmed that CUCM, CUPS and ISE are not affected by this vulnerability, unlike the March issue. There is a long list of products still being validated, but the impact of this issue seems to be much less significant than the last Struts vulnerability.

Additionally, the Cisco advisory (ID cisco-sa-20170907-struts2) indicates that there are two other Struts attacks, though their impact may be less significant.

What can you do now?

Many of the critical systems that enterprises depend on are and will be affected by vulnerabilities. It's complicated to ensure that all of these systems are patched, if patches are even made available by the vendor. To ensure the security of your systems, it's critical that you isolate administrative interfaces from regular users. Just as you limit which ports and services can be accessed from the Internet on servers in your DMZ, the same practice should be followed to separate users from server management interfaces. Administrative users should use VPN or other access control methods to ensure that only they can reach these sensitive interfaces. Following this practice allows an enterprise to ensure the security of services while limiting the scope of impact.

While some UC servers and ISE services must be made available to end users, the majority do not need to be; only the user-facing portion of ISE and the self-service features of UC should need to be exposed. This greatly reduces the number of systems that will need to be immediately patched.
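One way to check a firewall rule set against this practice, as an added example that is not part of the original post: it flags permit rules that let any source outside the administrative VPN pool reach a management interface, while leaving the user-facing services alone. All addresses, ports, service names and rules below are constructed for illustration and are not taken from Cisco documentation.

```python
import ipaddress

# Constructed inventory (assumption): every address, port and name is illustrative.
ADMIN_SOURCES = [ipaddress.ip_network("10.99.0.0/24")]  # admin VPN address pool

SERVICES = [
    # (name, host, port, user_facing)
    ("uc-admin-ui",     "10.10.1.10", 8443, False),
    ("uc-self-service", "10.10.1.10", 443,  True),
    ("ise-admin-ui",    "10.10.1.20", 443,  False),
    ("ise-user-portal", "10.10.1.20", 8443, True),
]

# Constructed permit rules: (source network, destination network, port or None for any)
RULES = [
    ("10.99.0.0/24", "10.10.1.0/24",  None),  # admin VPN -> server segment
    ("10.20.0.0/16", "10.10.1.10/32", 443),   # user LAN -> UC self-service
    ("10.20.0.0/16", "10.10.1.20/32", 8443),  # user LAN -> ISE user portal
    ("10.20.0.0/16", "10.10.1.20/32", 443),   # user LAN -> ISE admin UI
    ("0.0.0.0/0",    "10.10.1.10/32", 8443),  # any source -> UC admin UI
]


def is_admin_only(src):
    """True only if the whole source range sits inside an admin network.

    A broader range that merely contains the admin pool (such as 0.0.0.0/0)
    does not count, because it also admits regular users.
    """
    return any(src.subnet_of(net) for net in ADMIN_SOURCES)


def audit(rules, services):
    """Return (source, service name) pairs where a non-admin source
    is permitted to reach a management (non user-facing) interface."""
    findings = []
    for src_text, dst_text, port in rules:
        src = ipaddress.ip_network(src_text)
        dst = ipaddress.ip_network(dst_text)
        if is_admin_only(src):
            continue
        for name, host, svc_port, user_facing in services:
            if user_facing:
                continue  # meant to be reachable by end users
            if ipaddress.ip_address(host) in dst and port in (None, svc_port):
                findings.append((src_text, name))
    return findings


if __name__ == "__main__":
    for source, service in audit(RULES, SERVICES):
        print(f"management interface {service} reachable from {source}")
```

Each finding is a rule to tighten or remove; the systems behind the remaining user-facing rules are the ones that need patching first.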

If you need help segregating and securing your environment please do not hesitate to contact our Services Team.
