Jisuanji kexue (Apr 2023)

Detection of Web Command Injection Vulnerability for Cisco IOS-XE

  • HE Jie, CAI Ruijie, YIN Xiaokang, LU Xuanting, LIU Shengli

DOI
https://doi.org/10.11896/jsjkx.220100113
Journal volume & issue
Vol. 50, no. 4
pp. 343 – 350

Abstract

Cisco's new operating system, Cisco IOS-XE, is widely deployed on platforms such as Cisco routers and switches. However, vulnerabilities in the system's Web management interface allow privilege escalation through command injection, posing a serious threat to network security. In recent years, fuzzing has commonly been used to detect security vulnerabilities in embedded devices, but there is currently no fuzzing framework for Cisco IOS-XE, and existing fuzzing methods for IoT devices perform poorly on it because of the unique system architecture and command mode of IOS-XE. To solve these problems, this paper proposes CRFuzzer, a novel fuzzing framework for the Web management service in the Cisco IOS-XE system that detects command injection vulnerabilities. CRFuzzer combines analysis of front-end requests and back-end scripts to optimize seed generation, and locates vulnerable code based on the characteristics of command injection to narrow the scope of testing. To evaluate the vulnerability detection performance of CRFuzzer, 124 firmware images across 31 different versions are tested on the physical router ISR 4000 series and the cloud router CSR 1000v. A total of 11 command injection vulnerabilities are detected, 2 of which are undisclosed vulnerabilities.

Keywords