
Cisco advisories/updates


144 replies to this topic

#51 AplusWebMaster

  • SWI Friend
  • 8,703 posts

Posted 23 February 2011 - 03:57 PM

FYI...

Cisco - multiple advisories - 23-Feb-2011
- http://www.cisco.com...es_listing.html
___

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
- http://www.cisco.com...080b6e14d.shtml

Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability
- http://www.cisco.com...080b6e148.shtml

Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices
- http://www.cisco.com...080b6e152.shtml

Multiple Vulnerabilities in Cisco TelePresence Recording Server
- http://www.cisco.com...080b6e11d.shtml

Multiple Vulnerabilities in Cisco TelePresence Manager
- http://www.cisco.com...080b6e14f.shtml

Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
- http://www.cisco.com...080b6e14e.shtml
23-Feb-2011
___

- http://www.securityt....com/id/1025108
- http://www.securityt....com/id/1025109
- http://www.securityt....com/id/1025112
- http://www.securityt....com/id/1025113
- http://www.securityt....com/id/1025114
23-Feb-2011
- http://www.securityt....com/id/1025118
Feb 24 2011

- http://secunia.com/advisories/43451/
- http://secunia.com/advisories/43453/
- http://secunia.com/advisories/43458/
- http://secunia.com/advisories/43488/
2011-02-24

- http://atlas.arbor.net/briefs/
February 24, 2011


Edited by AplusWebMaster, 28 February 2011 - 11:45 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#52 AplusWebMaster

Posted 30 March 2011 - 06:03 PM

FYI...

- http://www.cisco.com...es_listing.html

Cisco Network Access Control Guest Server System vuln
- http://www.cisco.com...10330-nac.shtml
2011 March 30 - "Cisco Network Access Control (NAC) Guest Server system software contains a vulnerability in the RADIUS authentication software that may allow an unauthenticated user to access the protected network.
Cisco has released free software updates that address this vulnerability... This vulnerability may result in authentication bypass without requiring a valid username or password..."
CVE-2011-0963
- http://www.securityt....com/id/1025272
Mar 30 2011

Cisco Secure Access Control System Unauthorized Password Change vuln
- http://www.cisco.com...10330-acs.shtml
2011 March 30 - "A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account's previous password. Successful exploitation requires the user account to be defined on the internal identity store.
This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password.
Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability..."
CVE-2011-0951
Identifying and Mitigating Exploitation of the Cisco Secure Access Control System Unauthorized Password Change vuln
- http://www.cisco.com...10330-acs.shtml
2011 March 30

- http://www.securityt....com/id/1025271
Mar 30 2011
___

- http://isc.sans.edu/...l?storyid=10627
Last Updated: 2011-04-01 14:38:48 UTC ...(Version: 2)
"Update: Cisco PSIRT have provided the following information. Only users configured on one of the ACS internal identity stores are vulnerable. Users configured for administration of the ACS are -not- vulnerable. Users configured on external identity stores are -not- vulnerable."
- http://www.cisco.com/go/psirt/

Edited by AplusWebMaster, 01 April 2011 - 01:55 PM.

#53 AplusWebMaster

Posted 28 April 2011 - 08:48 AM

FYI...

Cisco Wireless LAN vuln...
- http://secunia.com/advisories/44384/
Release Date: 2011-04-28
Impact: DoS
Where: From local network
CVE Reference: CVE-2011-1613
Solution: Update to a fixed version
Original Advisory:
http://www.cisco.com...10427-wlc.shtml

Cisco Unified Communications Manager multiple vulns...
- http://secunia.com/advisories/44331/
Release Date: 2011-04-28
Impact: Manipulation of data, DoS, System access
Where: From local network
CVE Reference(s): CVE-2011-1604, CVE-2011-1605, CVE-2011-1606, CVE-2011-1607, CVE-2011-1609, CVE-2011-1610
Original Advisory
http://www.cisco.com...0427-cucm.shtml

- http://www.securityt....com/id/1025448
- http://www.securityt....com/id/1025449
Apr 27 2011


#54 AplusWebMaster

Posted 19 May 2011 - 08:23 AM

FYI...

Cisco UOM multiple vulns - updates available
- http://www.securityt....com/id/1025543
May 18 2011
CVE Reference: CVE-2011-0959, CVE-2011-0960, CVE-2011-0961, CVE-2011-0962, CVE-2011-0966
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): 8.0, 8.5; possibly other versions
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Cisco Unified Operations Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can execute SQL commands on the underlying database.
A remote user can view files on the target system.
Solution: The vendor has issued a fix (8.6).
The vendor's advisories are available at:
http://tools.cisco.c...x?alertId=23085
http://tools.cisco.c...x?alertId=23086
http://tools.cisco.c...x?alertId=23088
http://tools.cisco.c...x?alertId=23087
http://tools.cisco.c...x?alertId=23089
___

- http://secunia.com/advisories/44597/ - CVE-2011-0961
- http://secunia.com/advisories/44645/ - CVE-2011-0959, CVE-2011-0960, CVE-2011-0962
- http://secunia.com/advisories/44646/ - CVE-2011-0966
2011-05-19

Edited by AplusWebMaster, 19 May 2011 - 12:06 PM.

#55 AplusWebMaster

Posted 25 May 2011 - 12:15 PM

FYI...

5 Cisco security advisories released
- http://isc.sans.edu/...date=2011-05-25


- http://www.cisco.com...es_listing.html
25-May-2011
Cisco Content Delivery System Internet Streamer: Web Server Vuln
- http://www.cisco.com...525-spcdn.shtml
Cisco RVS4000 and WRVS4400N Web Management Interface Vuln
- http://www.cisco.com...5-rvs4000.shtml
Cisco IOS XR Software IP Packet Vuln
- http://www.cisco.com...525-iosxr.shtml
Cisco XR 12000 Series Shared Port Adapters Interface Processor Vuln
- http://www.cisco.com...-iosxrspa.shtml
Cisco IOS XR Software SSHv1 Denial of Service Vuln
- http://www.cisco.com...iosxr-ssh.shtml
___

- http://www.securityt....com/id/1025564
- http://www.securityt....com/id/1025565
- http://www.securityt....com/id/1025566
- http://www.securityt....com/id/1025567
- http://www.securityt....com/id/1025568
May 25 2011

Edited by AplusWebMaster, 25 May 2011 - 04:25 PM.

#56 AplusWebMaster

Posted 01 June 2011 - 02:38 PM

FYI...

Cisco - multiple security advisories...
> http://www.cisco.com...es_listing.html

Default Credentials Vulnerability in Cisco Network Registrar
- http://www.cisco.com...10601-cnr.shtml

Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
- http://www.cisco.com...601-phone.shtml

Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
- http://www.cisco.com...110601-ac.shtml

Default Credentials for root Account on the Cisco Media Experience Engine 5600
- http://www.cisco.com...10601-mxe.shtml
___

- http://www.securityt....com/id/1025588
- http://www.securityt....com/id/1025589
- http://www.securityt....com/id/1025590
- http://www.securityt....com/id/1025591
Jun 1 2011

Edited by AplusWebMaster, 01 June 2011 - 04:22 PM.

#57 AplusWebMaster

Posted 07 July 2011 - 05:59 AM

FYI...

Cisco Content Services Gateway DoS vuln
- http://secunia.com/advisories/45148/
Release Date: 2011-07-07
Impact: DoS
Where: From local network
CVE Reference: CVE-2011-2064
Original Advisory:
http://www.cisco.com...10706-csg.shtml
2011 July 06

- http://www.cisco.com...es_listing.html


#58 AplusWebMaster

Posted 21 July 2011 - 04:50 AM

FYI...

- http://www.cisco.com...es_listing.html

Cisco ASR 9000 Series Routers...
- http://www.cisco.com...720-asr9k.shtml
2011 July 20
Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IP version 4 (IPv4) packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload. Cisco has released a free software maintenance upgrade (SMU) to address this vulnerability...

Cisco SA 500 Series Security Appliances
- http://www.cisco.com...720-sa500.shtml
2011 July 20
Cisco SA 500 Series Security Appliances are affected by two vulnerabilities on their web-based management interface. An attacker must have valid credentials for an affected device to exploit one vulnerability; exploitation of the other does not require authentication. Both vulnerabilities can be exploited over the network. Cisco has released free software updates that address these vulnerabilities...
___

- http://www.securityt....com/id/1025810
Jul 20 2011
- http://www.securityt....com/id/1025811
Jul 20 2011


#59 AplusWebMaster

Posted 29 July 2011 - 02:39 PM

FYI...

- http://www.us-cert.g...ty_advisory_and
July 31, 2011 at 08:21 pm
___

- http://www.cisco.com...es_listing.html

Cisco mitigation Bulletin: Default credentials - Root Account - TelePresence Recording Svr
- http://www.cisco.com...110729-tp.shtml
29-Jul-2011 - "Cisco TelePresence Recording Server Software Release 1.7.2.0 includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings...
CVE Reference: CVE-2011-2555
Workarounds: A workaround exists to mitigate and fix this vulnerability. The workaround requires manual intervention on the affected system. Please contact the Cisco Technical Assistance Center (TAC) for instructions on how to implement this workaround. Customers are advised to migrate to Cisco TelePresence Recording Server software version 1.7.2.1...
Device-Specific Mitigation and Identification: Specific information about mitigation and identification is available for these devices:
Cisco IOS Routers and Switches
Cisco IOS NetFlow
Cisco ASA and FWSM Firewalls ...
Cisco has released free software updates that address this vulnerability..."
- http://tools.cisco.c...ter/searchAIR.x

- http://www.securityt....com/id/1025872
Jul 29 2011

Edited by AplusWebMaster, 01 August 2011 - 06:34 AM.

#60 AplusWebMaster

Posted 05 August 2011 - 01:06 PM

FYI...

Cisco - infected CDs ...
- http://www.cisco.com...110803-cd.shtml
2011 August 03 - "... In the period of December 2010 until August 2011, Cisco shipped warranty CDs that contain a reference to a third-party website known to be a malware repository. When the CD is opened with a web browser, it automatically and without warning accesses this third-party website. Additionally, on computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user... the third-party site in question is currently -inactive- as a malware repository, so customers are not in immediate danger of having their computers compromised. However, if this third-party web site would become active as a malware repository again, there is a potential that users could infect their operating system by opening the CD with their web browser. All warranty CDs printed with "Revision -F0" (or later) do not contain references to the third-party website and do not introduce a potential to compromise customers' computers... Although there are no distinguishable markings on the CDs, all warranty CDs shipped in the period of December 2010 through August 2011 do contain a reference to the third-party site..."
(More detail available at the Cisco URL above.)
___

- http://www.securityt....com/id/1025883
Aug 3 2011

- https://isc.sans.edu...l?storyid=11302
Last Updated: 2011-08-03

- http://www.theregist...ary_cd_warning/
5 August 2011

Edited by AplusWebMaster, 08 August 2011 - 02:23 PM.

#61 AplusWebMaster

Posted 24 August 2011 - 07:10 AM

FYI...

Cisco IOS Login...
- http://www.securityt....com/id/1025964
Aug 23 2011
CVE Reference: CVE-2011-1624
... A remote user can cause the target device to reload.
Solution: The vendor has issued a fix (12.2(58)SE1).
... advisory is available at:
http://tools.cisco.c...ugId=CSCto62631

Cisco IOS Data-Link Switching...
- http://www.securityt....com/id/1025965
Aug 23 2011
CVE Reference: CVE-2011-1625
... A remote user can cause the target device to crash and reload.
Solution: The vendor has issued a fix (12.2(33)SCF).
The vendor's advisory is available at:
http://tools.cisco.c...ugId=CSCtf74999


#62 AplusWebMaster

Posted 25 August 2011 - 07:44 AM

FYI...

> http://www.cisco.com...es_listing.html

Cisco Intercompany Media Engine...
- http://www.securityt....com/id/1025969
Aug 24 2011
CVE Reference: CVE-2011-2563, CVE-2011-2564
Impact: Denial of service via network
Version(s): 8.0.x...
Solution: The vendor has issued a fix (8.5(1)), available at:
http://www.cisco.com...10824-ime.shtml

Cisco Unified Communications Manager...
1. http://www.securityt....com/id/1025970
Aug 24 2011
CVE Reference: CVE-2011-2560, CVE-2011-2561, CVE-2011-2562, CVE-2011-2563, CVE-2011-2564
Impact: Denial of service via network
Version(s): 4.x, 6.x, 7.x, 8.x
Solution: The vendor has issued a fix (6.1(5)SU3, 7.1(5b)SU4, 8.0(3a)SU2, 8.5(1)SU2, 8.6(1))... available at:
http://www.cisco.com...0824-cucm.shtml

Cisco Unified Communications Manager...
2. http://www.securityt....com/id/1025971
Aug 24 2011
CVE Reference: CVE-2011-1643
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Version(s): 6.x, 7.x, 8.0, 8.5
Solution: The vendor has issued a fix. A patch matrix is available... at:
http://www.cisco.com...cucm-cups.shtml

Cisco Unified Presence...
- http://www.securityt....com/id/1025972
Aug 24 2011
CVE Reference: CVE-2011-1643
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Version(s): 6.x, 7.x, 8.0, 8.5
Solution: The vendor has issued a fix. A patch matrix is available... at:
http://www.cisco.com...cucm-cups.shtml
___

- https://www.us-cert....ity_advisories4
August 25, 2011
___

- https://secunia.com/advisories/45738/
- https://secunia.com/advisories/45741/
- https://secunia.com/advisories/45743/
- https://secunia.com/advisories/45772/
2011-08-25

Edited by AplusWebMaster, 25 August 2011 - 03:47 PM.

#63 AplusWebMaster

Posted 01 September 2011 - 06:49 AM

FYI...

Cisco TelePresence vuln - update available
- http://www.securityt....com/id/1025994
Aug 31 2011
CVE Reference: http://web.nvd.nist....d=CVE-2011-2577
Impact: A remote user can cause the target device to crash.
Solution: The vendor has issued a fix (TC 4.0.0, F9.1).
... vendor's advisory is available at:
http://www.cisco.com...-tandberg.shtml


#64 AplusWebMaster

Posted 14 September 2011 - 10:19 PM

FYI...

- http://www.cisco.com...es_listing.html

CiscoWorks LAN Management Solution vuln
- http://www.cisco.com...10914-lms.shtml
Revision 1.1 - Updated 2011 September 19
"Two vulnerabilities exist in CiscoWorks LAN Management Solution software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities... Both vulnerabilities are documented... and have been assigned CVE ID CVE-2011-2738..."

Cisco Unified Service Monitor and Cisco Unified Operations Manager vulns
- http://www.cisco.com...0914-cusm.shtml
2011 September 14 - "Two vulnerabilities exist in Cisco Unified Service Monitor and Cisco Unified Operations Manager software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities... Both of these vulnerabilities are documented... and have been assigned CVE ID CVE-2011-2738..."

- http://web.nvd.nist....d=CVE-2011-2738
Last revised: 09/19/2011
CVSS v2 Base Score: 10.0 (HIGH)
___

Download - Cisco Software Center
- http://www.cisco.com.../navigator.html
___

Apache HTTPd DoS vuln ...
- http://www.cisco.com...30-apache.shtml
Revision 1.6 - Updated 2011 September 15
... Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory:
- http://tools.cisco.c...x?alertId=24024
___

- http://www.securityt....com/id/1026046
- http://www.securityt....com/id/1026047
- http://www.securityt....com/id/1026048
Sep 14 2011

- https://secunia.com/advisories/46016/
Release Date: 2011-09-15
Criticality level: Moderately critical
Impact: System access
Where: From local network
... CiscoWorks LAN Management Solution... vulnerabilities are reported in versions 3.1 and 3.2.
Solution: Upgrade to version 4.1.
Original Advisory: http://www.cisco.com...10914-lms.shtml

- https://secunia.com/advisories/45979/
Release Date: 2011-09-15
Criticality level: Moderately critical
Impact: System access
Where: From local network
... vulnerabilities are reported in the following products:
* CiscoWorks Prime LAN Management Solution version 4.0.
* Cisco Unified Service Monitor prior to version 8.6.
* Cisco Unified Operations Manager prior to version 8.6.
Solution: Update to a fixed version.
Original Advisory:
http://www.cisco.com...10914-lms.shtml
http://www.cisco.com...0914-cusm.shtml
___

Cisco Nexus 5000 and 3000 Series Switches vuln
- http://www.cisco.com...907-nexus.shtml
2011 September 07 - "A vulnerability exists in Cisco Nexus 5000 and 3000 Series Switches that may allow traffic to bypass deny statements in access control lists (ACLs) that are configured on the device. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability... This vulnerability is documented... and has been assigned CVE ID CVE-2011-2581..."
> http://web.nvd.nist....d=CVE-2011-2581
Original release date: 09/14/2011

Edited by AplusWebMaster, 21 September 2011 - 10:27 AM.

#65 AplusWebMaster

Posted 28 September 2011 - 05:12 PM

FYI...

Semi-Annual Cisco IOS Software Security Advisory Bundled Publication
- http://www.cisco.com..._ERP_sep11.html
September 28, 2011
___

> http://www.cisco.com...es_listing.html

Cisco IOS Software IPv6 over MPLS vulns
- http://www.cisco.com...-ipv6mpls.shtml
2011 September 28

Cisco IOS Software IPS and Zone-Based Firewall vulns
- http://www.cisco.com...0928-zbfw.shtml
2011 September 28

Cisco IOS Software IP Svc Level Agreement vuln
- http://www.cisco.com...928-ipsla.shtml
2011 September 28

Cisco 10000 Series DoS vuln
- http://www.cisco.com...0928-c10k.shtml
2011 September 28

Cisco IOS Software Smart Install vuln
- http://www.cisco.com...t-install.shtml
2011 September 28

Cisco UCM vuln
- http://www.cisco.com...0928-cucm.shtml
2011 September 28

Cisco IOS Software Data-Link Switching vuln
- http://www.cisco.com...0928-dlsw.shtml
2011 September 28

Cisco IOS Software NAT vulns
- http://www.cisco.com...10928-nat.shtml
2011 September 28

Cisco IOS Software IPv6 DoS vuln
- http://www.cisco.com...0928-ipv6.shtml
2011 September 28

Cisco IOS Software Session Initiation Protocol DoS vuln
- http://www.cisco.com...10928-sip.shtml
2011 September 28

Jabber Extensible Communications Platform/Cisco Unified Presence XML DoS vuln
- http://www.cisco.com...cpcupsxml.shtml
2011 September 28

Edited by AplusWebMaster, 29 September 2011 - 12:40 AM.

#66 AplusWebMaster

Posted 05 October 2011 - 01:03 PM

FYI...

- http://www.cisco.com...es_listing.html

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services multiple vulns...
- http://www.cisco.com...11005-asa.shtml
2011 October 05 - "... affected by multiple vulnerabilities as follows:
MSN Instant Messenger (IM) Inspection Denial of Service vulnerability
TACACS+ Authentication Bypass vulnerability
Four SunRPC Inspection Denial of Service vulnerabilities
Internet Locator Service (ILS) Inspection Denial of Service vulnerability..."

Cisco Firewall Services multiple vulns...
- http://www.cisco.com...1005-fwsm.shtml
2011 October 05 - "... affected by the following vulnerabilities:
Syslog Message Memory Corruption Denial of Service Vulnerability
Authentication Proxy Denial of Service Vulnerability
TACACS+ Authentication Bypass Vulnerability
Sun Remote Procedure Call (SunRPC) Inspection Denial of Service Vulnerabilities
Internet Locator Server (ILS) Inspection Denial of Service Vulnerability..."

Cisco Network Admission Control Manager Directory Traversal vuln
- http://www.cisco.com...11005-nac.shtml
2011 October 05 - "... directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information. There are no workarounds to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability..."
___

- http://www.securityt....com/id/1026140
CVE Reference: CVE-2011-3298, CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302, CVE-2011-3303, CVE-2011-3304
- http://www.securityt....com/id/1026141
CVE Reference: CVE-2011-3296, CVE-2011-3297, CVE-2011-3298, CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302, CVE-2011-3303
- http://www.securityt....com/id/1026142
CVE Reference: CVE-2011-3305
Oct 5 2011

Edited by AplusWebMaster, 06 October 2011 - 05:13 AM.

#67 AplusWebMaster

Posted 13 October 2011 - 02:15 PM

FYI...

- http://www.cisco.com...es_listing.html

Cisco TelePresence Video Communication Svr vuln
- http://www.cisco.com...11012-vcs.shtml
Release 2011 October 12
A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the HTTP User-Agent header is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote attacker could exploit this vulnerability to perform reflected cross-site scripting attacks...
Cisco TelePresence Video Communication Server Software versions earlier than X7.0 are affected. This vulnerability has been corrected in Cisco TelePresence Video Communication Server Software version X7.0... CVE-2011-3294...

- http://securitytracker.com/id/1026186
CVE Reference: CVE-2011-3294
Date: Oct 13 2011
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version: VCS prior to 7.0
Description: A vulnerability was reported in Cisco TelePresence Video Communication Server. A remote user can conduct cross-site scripting attacks...
___

Cisco IOS Smart Install vuln
- http://www.cisco.com...t-install.shtml
Revision 1.2
Last Updated 2011 October 11
Release 2011 September 28
Summary: A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature...
___

Cisco IOS IP SLA vuln
- http://www.cisco.com...928-ipsla.shtml
Revision 1.2
Last Updated 2011 October 10
Release 2011 September 28
Summary: The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability...


#68 AplusWebMaster

Posted 20 October 2011 - 06:25 AM

FYI...

- http://tools.cisco.c...licationListing

CiscoWorks Common Services Arbitrary Command Execution Vulnerability
- http://tools.cisco.c...-sa-20111019-cs
October 19, 2011 - "CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability..."
- http://www.securityt....com/id/1026226
CVE Reference: CVE-2011-3310
Date: Oct 19 2011

Cisco Show and Share Security Vulnerabilities
- http://tools.cisco.c...sa-20111019-sns
October 19, 2011 - "The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities. The first vulnerability allows an unauthenticated user to access several administrative web pages. The second vulnerability permits an authenticated user to execute arbitrary code on the device under the privileges of the web server user account. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available for these vulnerabilities..."
- http://www.securityt....com/id/1026227
CVE Reference: CVE-2011-2584, CVE-2011-2585
Date: Oct 19 2011

- https://www.us-cert....rity_advisories
October 19, 2011 - "... vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions..."
___

CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities
- http://tools.cisco.c...sa-20110914-lms
Updated October 19, 2011 - Revision 1.2

Cisco IOS Software Data-Link Switching Vulnerability
- http://tools.cisco.c...a-20110928-dlsw
Updated October 18, 2011 - Revision 1.1

Cisco IOS Software IP Service Level Agreement Vulnerability
- http://tools.cisco.c...-20110928-ipsla
Updated October 18, 2011 - Revision 2.1

Edited by AplusWebMaster, 21 October 2011 - 07:33 AM.

#69 AplusWebMaster

Posted 27 October 2011 - 12:15 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco Unified Contact Center Express Directory Traversal Vulnerability
- http://tools.cisco.c...a-20111026-uccx
October 26, 2011 - Version 1.0

Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
- http://tools.cisco.c...20111026-camera
October 26, 2011 - Version 1.0

Cisco Security Agent Remote Code Execution Vulnerabilities
- http://tools.cisco.c...sa-20111026-csa
October 26, 2011 - Version 1.0

Buffer Overflow Vulnerabilities in the Cisco WebEx Player
- http://tools.cisco.c...-20111026-webex
October 26, 2011 - Version 1.0

- https://www.us-cert....ity_advisories4
October 26, 2011 - "... These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information..."
___

- Updated:

Cisco Unified Communications Manager Denial of Service Vulnerabilities
- http://tools.cisco.c...a-20110824-cucm
October 26, 2011 - Version 1.2

Cisco Unified Communications Manager Directory Traversal Vulnerability
- http://tools.cisco.c...a-20111026-cucm
October 26, 2011 - Version 1.1

Cisco IOS Software Smart Install Remote Code Execution Vulnerability
- http://tools.cisco.c...8-smart-install
October 26, 2011 - Version 1.3

Edited by AplusWebMaster, 27 October 2011 - 07:40 PM.

#70 AplusWebMaster

Posted 01 November 2011 - 08:23 AM

FYI...

Cisco Nexus OS vuln
- http://securitytracker.com/id/1026254
Date: Oct 28 2011
CVE Reference: http://web.nvd.nist....d=CVE-2011-2569
Impact: Root access via local system, User access via local system
Fix Available: Yes - Vendor Confirmed: Yes
Description: A vulnerability was reported in Cisco NX-OS. A local user can obtain elevated privileges on the target system...
The vendor's advisory is available at:
> http://tools.cisco.c...x?alertId=24458

#71 AplusWebMaster

Posted 02 November 2011 - 06:18 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco SRP500 series (Small Business) bug lets remote users inject commands
- http://www.securityt....com/id/1026266
CVE Reference: http://web.nvd.nist....d=CVE-2011-4005
Date: Nov 2 2011
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes | Vendor Confirmed: Yes
Version(s): 520 Series ...
... vendor's advisory is available at:
- http://tools.cisco.c...20111102-srp500
2011 November 2 - "Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available..."
IPS Signatures:
- http://tools.cisco.c...gnatureId=40046
Alarm Severity: High
CVE: CVE-2011-4005
IntelliShield Alerts:
- http://tools.cisco.c...x?alertId=24495
CVE: CVE-2011-4005
CVSS Score: 9.3/7.7
___

- https://secunia.com/advisories/46664/
Release Date: 2011-11-03
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
CVE Reference: http://web.nvd.nist....d=CVE-2011-4005
... vulnerability is reported in the following products and versions:
* Cisco SRP521W versions prior to 1.1.24.
* Cisco SRP526W versions prior to 1.1.24.
* Cisco SRP527W versions prior to 1.1.24.
* Cisco SRP541W versions prior to 1.2.1.
* Cisco SRP546W versions prior to 1.2.1.
* Cisco SRP547W versions prior to 1.2.1.
Solution: Update to version 1.1.24 or 1.2.1.

Edited by AplusWebMaster, 03 November 2011 - 08:31 AM.

#72 AplusWebMaster

Posted 10 November 2011 - 06:41 AM

FYI...

Cisco TelePresence - C Series EX Series - vuln/workaround
- http://tools.cisco.c...nce-c-ex-series
2011 November 9 - "... Due to a manufacturing error, Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices that were distributed between November 18th, 2010 and September 19th, 2011 may have the root account enabled. Information on how to identify affected devices is available in the Details section of this advisory. Information on how to remediate this issue is available in the Workarounds section of this advisory..."

- http://www.securityt....com/id/1026308
Date: Nov 9 2011
Impact: Root access via network
Version(s): TC4.0, TC4.1, TC4.2; distributed between November 18, 2010 and September 19, 2011
Impact: A remote user can gain root administrative access.
Solution: The vendor has issued a fix.
vendor's advisory is available at:
- http://tools.cisco.c...nce-c-ex-series

- https://secunia.com/advisories/46778/
Release Date: 2011-11-10
Criticality level: Moderately critical
Impact: System access
Where: From local network.
Solution Status: Vendor Workaround
... reported in versions TC 4.0, TC 4.1, and TC 4.2 in the following products:
* Cisco TelePresence System Integrator C Series
* Cisco TelePresence EX Series
* Cisco TelePresence Quick Set
Solution: Disable the root account (please see the vendor's advisory for more information)...

#73 AplusWebMaster

Posted 19 January 2012 - 05:46 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco IP Video - updates released
- http://www.securityt....com/id/1026539
CVE Reference: CVE-2011-4659
Date: Jan 18 2012
Impact: Root access via network
Version(s): E20 Phone; TelePresence Software version TE 4.1.0
Impact: A remote user can obtain root access on the target system.
Solution: The vendor has issued a fix (TE 4.1.1).
The vendor's advisory is available at:
http://tools.cisco.c...-sa-20120118-te
Summary: Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device...

Cisco Digital Media Manager - updates released
- http://www.securityt....com/id/1026541
CVE Reference: CVE-2012-0329
Date: Jan 18 2012
Impact: User access via network
Version(s): 5.2.2 and prior versions; 5.2.3
Impact: A remote authenticated user can gain administrative privileges on the target system.
Solution: The vendor has issued a fix (5.2.2.1, 5.3 DMM523_PATCH-A.iso).
The vendor's advisory is available at:
http://tools.cisco.c...sa-20120118-dmm
Summary: Cisco Digital Media Manager contains a vulnerability that may allow a remote, authenticated attacker to elevate privileges and obtain full access to the affected system...
___

Cisco WPS vuln Response
- http://tools.cisco.c...11-wps#Response
2012-January-18 - Rev 2.0 - Updated information for the WRP400.

Edited by AplusWebMaster, 19 January 2012 - 07:05 AM.

#74 AplusWebMaster

Posted 27 January 2012 - 07:15 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco IronPort appliances Telnet Remote Code Execution vuln...
- https://secunia.com/advisories/47720/
Release Date: 2012-01-27
Criticality level: Moderately critical
Impact: System access
Where: From local network
CVE Reference: http://web.nvd.nist....d=CVE-2011-4862 - 10.0 (HIGH)
Solution Status: Vendor Workaround
... vulnerability is reported in the following products:
* Cisco IronPort Email Security Appliance (C-Series and X-Series) versions prior to 7.6.0.
* Cisco IronPort Security Management Appliance (M-Series) versions prior to 7.8.0.
Solution: Disable the telnet service or update to a fixed version when available - see the vendor's advisory...
Original Advisory: Cisco (cisco-sa-20120126-ironport):
http://tools.cisco.c...120126-ironport
2012 January 26 - "... Cisco Ironport has not yet released software updates that address this vulnerability..."
___

- https://isc.sans.edu...l?storyid=12472
Last Updated: 2012-01-27 09:52:03 UTC - "... To mitigate the risk... switch off telnet on the device and use SSH to manage it instead..."

- https://secure.wikim...Telnet#Security

Edited by AplusWebMaster, 27 January 2012 - 04:09 PM.

#75 AplusWebMaster

Posted 17 February 2012 - 07:20 AM

FYI...

Cisco NX-OS malformed IP Packet DoS vuln...
- http://tools.cisco.c...a-20120215-nxos
2012 Feb 15 - Summary: "Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series Switches that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet. Cisco has released free software updates that address this vulnerability..."
- http://web.nvd.nist....d=CVE-2012-0352
Last revised: 02/16/2012

- https://www.us-cert...._advisory_for29
Feb 15, 2012

Edited by AplusWebMaster, 17 February 2012 - 09:09 AM.

#76 AplusWebMaster

Posted 21 February 2012 - 04:13 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco NX-OS Malformed IP Packet Denial of Service Vuln
- http://tools.cisco.c...a-20120215-nxos
2012-Feb-17 - Revision 1.1 - Added 4.x releases for Nexus 1000v Series Switches as vulnerable.

Cisco IOS Software Smart Install Remote Code Execution Vuln
- http://tools.cisco.c...8-smart-install
2012-Feb-17 - Revision 1.5 - Updated information in Cisco IOS Software table for Cisco IOS 12.2SXH.

Cisco 10000 Series Denial of Service Vuln
- http://tools.cisco.c...a-20110928-c10k
2012-Feb-17 - Revision 1.3 - Updated information in Cisco IOS Software table for Cisco IOS 12.2SXH.

Cisco IOS Software Network Address Translation Vuln
- http://tools.cisco.c...sa-20110928-nat
2012-Feb-17 - Revision 1.3 - Updated information in Cisco IOS Software table for Cisco IOS 12.2SXH.

#77 AplusWebMaster

Posted 24 February 2012 - 03:17 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco SMB SRP 500 multiple vulns
- http://tools.cisco.c...20120223-srp500
2012 Feb 23
Cisco Small Business (SRP 500) Series Services Ready Platforms contain the following three vulnerabilities:
Cisco SRP 500 Series Web Interface Command Injection Vulnerability
Cisco SRP 500 Series Unauthenticated Configuration Upload Vulnerability
Cisco SRP 500 Series Directory Traversal Vulnerability
These vulnerabilities can be exploited using sessions to the Services Ready Platform Configuration Utility web interface. These vulnerabilities could be exploited from the local LAN side of the SRP device by default configuration and the WAN side of the SRP device if remote management is enabled. Remote management is disabled by default.
Cisco has released free software updates that address these vulnerabilities...
Workarounds:
• Disable Remote Management
Caution: Do not disable remote management if administrators manage devices using the WAN connection. This action will result in a loss of management connectivity to the device. Remote Management is disabled by default. If it is enabled, administrators can disable this feature by choosing Administration > Web Access Management. Change the setting for the Remote Management field to Disabled. Disabling remote management limits exposure because the vulnerability can then be exploited from the inter-LAN network only.
• Limit Remote Management Access to Specific IP Addresses...
___

- https://secunia.com/advisories/48129/
Release Date: 2012-02-24
Criticality level: Moderately critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to version 1.1.26 or 1.2.4.
Original Advisory:
http://tools.cisco.c...20120223-srp500

- http://www.securityt....com/id/1026736
Date: Feb 23 2012
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-0363 - 9.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0364 - 7.8 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0365 - 9.0 (HIGH)
Last revised: 02/29/2012
Impact: Execution of arbitrary code via network, Modification of system information, Root access via network
... affected when running firmware prior to version 1.1.26:
* Cisco SRP 521W, SRP 526W, SRP 527W
... affected when running firmware prior to version 1.2.4:
* Cisco SRP 521W-U, SRP 526W-U, 527W-U, 541W, 546W, 547W ...

Edited by AplusWebMaster, 29 February 2012 - 11:36 PM.

#78 AplusWebMaster

Posted 29 February 2012 - 06:16 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco Wireless LAN Controllers - multiple vulns
- http://tools.cisco.c...sa-20120229-wlc
Last Updated: 2012 March 1
Cisco Cius DoS vuln
- http://tools.cisco.c...a-20120229-cius
Feb 29, 2012
Cisco UCM Skinny Client Control Protocol vuln
- http://tools.cisco.c...a-20120229-cucm
Feb 29, 2012
Cisco Unity Connection - multiple vulns
- http://tools.cisco.c...sa-20120229-cuc
Feb 29, 2012
Cisco TelePresence Video Communication Svr Session Initiation Protocol DoS vulns
- http://tools.cisco.c...sa-20120229-vcs
Feb 29, 2012
___

- https://www.us-cert....ity_advisories5
Feb 29, 2012

- https://secunia.com/advisories/48176/ - Cisco Cius
- https://secunia.com/advisories/48232/ - Cisco Wireless LAN Controllers
- https://secunia.com/advisories/48231/ - Cisco Unified Communications Manager
- https://secunia.com/advisories/48218/ - Cisco Unified Communications Manager
- https://secunia.com/advisories/48004/ - Cisco Unity Connection DoS vuln
- https://secunia.com/advisories/48215/ - Cisco Unity Connection Sec Bypass + DoS vuln
- https://secunia.com/advisories/48234/ - Cisco TelePresence Video Comm Svr DoS vuln

- http://www.securityt....com/id/1026748 - Cisco Cius
- http://www.securityt....com/id/1026747 - Cisco Wireless LAN Controllers
- http://www.securityt....com/id/1026749 - Cisco Unified Communications Manager
- http://www.securityt....com/id/1026750 - Cisco Unity Connection
- http://www.securityt....com/id/1026751 - Cisco TelePresence Video Comm Svr

Edited by AplusWebMaster, 04 March 2012 - 01:50 PM.

#79 AplusWebMaster

Posted 15 March 2012 - 09:25 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services
- http://tools.cisco.c...sa-20120314-asa
March 14, 2012

Cisco Firewall Services... DoS vuln
- http://tools.cisco.c...a-20120314-fwsm
March 14, 2012

Cisco ASA 5500 Series - VPN ActiveX Control Remote Code Execution vuln
- http://tools.cisco.c...20314-asaclient
March 14, 2012
___

- https://www.us-cert....ity_advisories6
March 14, 2012

- http://h-online.com/-1473257
15 March 2012

Edited by AplusWebMaster, 15 March 2012 - 12:24 PM.

#80 AplusWebMaster

Posted 29 March 2012 - 03:37 AM

FYI...

- http://www.cisco.com..._ERP_mar12.html
March 28, 2012
___

- http://tools.cisco.c...licationListing

Cisco IOS Software Reverse SSH Denial of Service Vulnerability
- http://tools.cisco.c...sa-20120328-ssh
March 28, 2012
Cisco IOS Software RSVP Denial of Service Vulnerability
- http://tools.cisco.c...a-20120328-rsvp
March 28, 2012
Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization
- http://tools.cisco.c...a-20120328-mace
March 28, 2012
Cisco IOS Software Multicast Source Discovery Protocol Vulnerability
- http://tools.cisco.c...a-20120328-msdp
March 28, 2012
Cisco IOS Software Network Address Translation Vulnerability
- http://tools.cisco.c...sa-20120328-nat
March 28, 2012
Cisco IOS Internet Key Exchange Vulnerability
- http://tools.cisco.c...sa-20120328-ike
March 28, 2012
Cisco IOS Software Smart Install Denial of Service Vulnerability
- http://tools.cisco.c...28-smartinstall
March 28, 2012
Cisco IOS Software Command Authorization Bypass
- http://tools.cisco.c...sa-20120328-pai
March 28, 2012
Cisco IOS Software Zone-Based Firewall Vulnerabilities
- http://tools.cisco.c...a-20120328-zbfw
March 28, 2012
___

Cisco IOS Reverse SSHv2 Login Flaw Lets Remote Users Deny Service
- http://www.securityt....com/id/1026866
Cisco IOS RSVP VPN Routing and Forwarding Bug Lets Remote Users Deny Service
- http://www.securityt....com/id/1026865
Cisco IOS Bugs in Traffic Optimization Features Let Remote Users Execute Arbitrary Code
- http://www.securityt....com/id/1026862
Cisco IOS Multicast Source Discovery Flaw Lets Remote Users Deny Service
- http://www.securityt....com/id/1026868
Cisco IOS SIP NAT Flaw Lets Remote Users Deny Service
- http://www.securityt....com/id/1026864
Cisco IOS IKE Processing Flaw Lets Remote Users Deny Service
- http://www.securityt....com/id/1026863
Cisco IOS Smart Install Bug Lets Remote Users Deny Service
- http://www.securityt....com/id/1026867
Cisco IOS Lets Remote Authenticated Users Bypass Command Authorization Level Controls
- http://www.securityt....com/id/1026860
Cisco IOS Zone-Based Firewall IP/HTTP/H.323/SIP Bugs Let Remote Users Deny Service
- http://www.securityt....com/id/1026861
___

- https://www.us-cert....ity_advisories7
March 28, 2012

Edited by AplusWebMaster, 01 April 2012 - 10:51 AM.

#81 AplusWebMaster

Posted 05 April 2012 - 09:15 AM

FYI...

Cisco WebEx Player updates...
- http://tools.cisco.c...-20120404-webex
2012 April 4 - "... Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user... If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from http://www.webex.com/
Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities..."

- http://www.securityt....com/id/1026888
CVE Reference: CVE-2012-1335, CVE-2012-1336, CVE-2012-1337
Date: Apr 4 2012
Impact: Execution of arbitrary code via network, User access via network ...
Solution: The vendor has issued a fix (Client builds 27.25.10 (T27 LC SP25 EP10), Client builds 27.32.1 (T27 LD SP32 CP1)...

#82 AplusWebMaster

Posted 03 May 2012 - 02:35 AM

FYI...

Cisco multiple advisories - 2012.05.02-03

Cisco IOS Multiple Bugs...
- http://www.securityt....com/id/1027005
Date: May 2 2012
CVE Reference: CVE-2011-2578, CVE-2011-2586, CVE-2011-3289, CVE-2011-3295, CVE-2011-4007, CVE-2011-4012, CVE-2011-4015, CVE-2011-4016, CVE-2012-0338, CVE-2012-0339, CVE-2012-0362
Impact: Denial of service via network, Disclosure of system information, Host/resource access via network
Description: Multiple vulnerabilities were reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can bypass security controls. A remote user can obtain potentially sensitive information. A physically local user can read the start-up configuration...
Solution: The vendor has issued fixes. The vendor's advisories are available at:
http://www.cisco.com...151-4MCAVS.html
http://tools.cisco.c...x?alertId=24436
http://www.cisco.com...F_rebuilds.html
http://www.cisco.com...H_rebuilds.html
http://www.cisco.com...151-2TCAVS.html
http://www-europe.ci...577&sortparam=7
http://www.cisco.com...aveats_33s.html
http://www.cisco.com...aveats_SXJ.html
http://www.cisco.com...ts_15_2_2s.html

Cisco Carrier Routing System Bugs...
- http://www.securityt....com/id/1027006
Date: May 2 2012
CVE Reference: CVE-2011-3283, CVE-2011-3295
Impact: Denial of service via network
Solution: The vendor has issued a fix. The vendor's advisories are available at:
http://www.cisco.com...7&release=3.9.1
http://www-europe.ci...577&sortparam=7

Cisco Unified MeetingPlace Input Validation Flaw...
- http://www.securityt....com/id/1027007
Date: May 2 2012
CVE Reference: CVE-2012-0337
Impact: Disclosure of system information, Disclosure of user information, User access via network
Version(s): 7.1
Description: A vulnerability was reported in Cisco Unified MeetingPlace. A remote authenticated user can inject SQL commands...
Solution: The vendor has issued a fix (7.1.2.6 (MR1)). The vendor's advisory is available at:
http://www.cisco.com...tes/mp71rn.html

Cisco ASA Bugs...
- http://www.securityt....com/id/1027008
Date: May 2 2012
CVE Reference: CVE-2011-3285, CVE-2011-3309, CVE-2011-4006, CVE-2012-0335
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): ASA 5500 Series; 7.2 - 8.5
Description: Several vulnerabilities were reported in Cisco ASA. A remote user can cause denial of service conditions. A remote user can conduct HTTP response splitting attacks. A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix. The vendor's advisories are available at:
http://www.cisco.com...ease-Notes.html
http://www.cisco.com...ease-Notes.html
http://www.cisco.com...ease-Notes.html
http://www.cisco.com...ease-Notes.html

Cisco Unified Contact Center Express Unspecified Flaw...
- http://www.securityt....com/id/1027009
Date: May 2 2012
CVE Reference: CVE-2011-2583
Impact: Denial of service via network
Version(s): CCX 8.0 and 8.5
Description: A vulnerability was reported in Cisco Unified Contact Center Express. A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix. The vendor's advisory is available at:
http://www.cisco.com...e/uccx851rn.pdf

Cisco Secure Access Control Server Bugs...
- http://www.securityt....com/id/1027010
Date: May 3 2012
CVE Reference: CVE-2011-3293, CVE-2011-3317
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 5.2
Description: Two vulnerabilities were reported in Cisco Secure Access Control Server. A remote user can conduct cross-site scripting attacks. A remote user can conduct cross-site scripting attacks.
Solution: The vendor has issued a fix. The vendor's advisory is available at:
http://www.cisco.com...26-9-Readme.txt

Cisco Wireless Control System...
- http://www.securityt....com/id/1027011
Date: May 3 2012
CVE Reference: CVE-2011-4014
Impact: Disclosure of system information, Disclosure of user information
Version(s): 7.0 prior to 7.0.230.0
Description: A vulnerability was reported in Cisco Wireless Control System. A remote authenticated user can view arbitrary files in a certain directory on the target system.
Solution: The vendor has issued a fix (7.0.230.0). The vendor's advisory is available at:
http://www.cisco.com..._RN7_0_230.html

Cisco IP Small Business Phones
- http://www.securityt....com/id/1027012
Date: May 3 2012
CVE Reference: CVE-2012-0333
Impact: Host/resource access via network
Version(s): SPA 500 series firmware 7.4.9 and prior
Description: A vulnerability was reported in Cisco Small Business IP Phones. A remote user can make unauthorized phone calls.
Solution: The vendor has issued a fix (7.5.1). The vendor's advisory is available at:
http://www-europe.ci...lnote_7_5_1.pdf

Cisco IP Communicator SCCP Message Bug...
- http://www.securityt....com/id/1027013
Date: May 3 2012
CVE Reference: CVE-2012-0361
Impact: Denial of service via network
Version(s): 7.0 - 8.6
Description: A vulnerability was reported in Cisco IP Communicator. A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (8.6). The vendor's advisory is available at:
http://www.cisco.com.../CIPC8x_RN.html

Edited by AplusWebMaster, 03 May 2012 - 06:45 AM.

#83 AplusWebMaster

Posted 10 May 2012 - 02:45 PM

FYI...

Cisco multiple advisories - 2012.05.09

Cisco Unified MeetingPlace multiple vulns - update available
- https://secunia.com/advisories/49104/
Release Date: 2012-05-09
Criticality level: Moderately critical
Impact: Cross Site Scripting, Manipulation of data
Where: From remote
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-0337 - 6.5
... vulnerabilities are reported in versions prior to 7.1.2.6 (MR1).
Solution: Update to version 7.1.2.6 (MR1).
Original Advisory: http://www.cisco.com...tes/mp71rn.html

- https://secunia.com/advisories/49102/
Release Date: 2012-05-09
Impact: Cross Site Scripting, Exposure of system information
Where: From remote
CVE Reference:
- http://web.nvd.nist....d=CVE-2011-4232 - 5.0
Solution: Update to version 6.1.1.4 (MR1).
Original Advisory:
http://www.cisco.com...tes/mp61_rn.pdf

CiscoWorks LMS multiple vulns - update available
- https://secunia.com/advisories/49094/
Release Date: 2012-05-09
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information
Where: From remote
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-3190 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-4237 - 4.3
... vulnerabilities are reported in versions prior to 4.2.
Solution: Update to version 4.2.
Original Advisory: http://www.cisco.com...s/lms42rel.html

Cisco Secure ACS multiple vulns - update available
- https://secunia.com/advisories/49101/
Release Date: 2012-05-09
Criticality level: Moderately critical
Impact: Unknown, Cross Site Scripting, Manipulation of data
Where: From remote
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-3293 - 6.8
- http://web.nvd.nist....d=CVE-2011-3317 - 4.3
Solution: Update to version 5.2.0.26 patch 9.
Original Advisory: http://www.cisco.com...26-9-Readme.txt

Edited by AplusWebMaster, 11 May 2012 - 08:35 AM.

#84 AplusWebMaster

Posted 16 May 2012 - 01:03 PM

FYI...

Cisco ASA vuln - updates available
- https://secunia.com/advisories/49139/
Release Date: 2012-05-16
Impact: Exposure of sensitive information
Where: From remote
- http://web.nvd.nist....d=CVE-2012-0335 - 5.0
... vulnerability is reported in versions -prior- to interim release 8.4.3(8).
Solution: Update to interim release 8.4.3(8).
Original Advisory:
http://www.cisco.com...ease-Notes.html
___

- http://tools.cisco.c...licationListing

Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability
- http://tools.cisco.c...20314-asaclient
2012 March 14 - "... Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available..."

Cisco IOS Software Network Address Translation Vulnerabilities
- http://tools.cisco.c...sa-20110928-nat
2012 March 14 - "... Cisco has released free software updates that address this vulnerability..."

Edited by AplusWebMaster, 18 May 2012 - 06:52 AM.

#85 AplusWebMaster

Posted 31 May 2012 - 05:03 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco IOS XR DoS vuln - update available
- https://secunia.com/advisories/49329/
Release Date: 2012-05-31
Criticality level: Moderately critical
Impact: DoS
Where: From remote
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-2488 - 7.8 (HIGH)
A vulnerability has been reported in Cisco IOS XR, which can be exploited by malicious people to cause a Denial of Service (DoS)... There are no workarounds for the vulnerability described in this document... Cisco has released free software updates that address the vulnerability...
Original Advisory: Cisco:
http://tools.cisco.c...-20120530-iosxr

Edited by AplusWebMaster, 31 May 2012 - 12:39 PM.

#86 AplusWebMaster

Posted 21 June 2012 - 12:16 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco AnyConnect VPN Client vulns
- https://secunia.com/advisories/49645/
Release Date: 2012-06-21
Criticality level: Highly critical
Impact: System access
Where: From remote
Software: Cisco AnyConnect VPN Client 2.x, 3.x
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2012-2493 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2494 - 4.3
- http://web.nvd.nist....d=CVE-2012-2495 - 4.3
- http://web.nvd.nist....d=CVE-2012-2496 - 6.8
... see the vendor's advisory for the list of affected versions.
Solution: Update to a fixed version.
Original Advisory:
http://tools.cisco.c...-sa-20120620-ac

Cisco ASA 5500 and Cisco Catalyst 6500 DoS vuln
- http://tools.cisco.c...0120620-asaipv6
June 20, 2012
- https://secunia.com/advisories/49647/
CVE Reference: http://web.nvd.nist....d=CVE-2012-3058 - 7.8 (HIGH)

Cisco ACE admin IP Address Overlap vuln
- http://tools.cisco.c...sa-20120620-ace
June 20, 2012
- https://secunia.com/advisories/49646/
CVE Reference: http://web.nvd.nist....d=CVE-2012-3063 - 7.1 (HIGH)

Edited by AplusWebMaster, 23 June 2012 - 11:50 AM.

#87 AplusWebMaster

Posted 28 June 2012 - 07:35 AM

FYI...

- http://tools.cisco.c...licationListing

- http://www.securityt....com/id/1027212
CVE Reference: CVE-2012-3053, CVE-2012-3054, CVE-2012-3055, CVE-2012-3056, CVE-2012-3057
Jun 27 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): 27.x
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix for Cisco WebEx Business Suite (WBS27):
Client builds 28.1.0 (T28 L10N SP1)
Client builds 27.32.2 (T27 LD SP32 CP2)
Client builds 27.25.11 (T27 LC SP25 EP11)
The vendor's advisory is available at:
http://tools.cisco.c...-20120627-webex

Cisco WebEx Player ARF Processing Buffer Overflow vuln
- https://secunia.com/advisories/49751/
Release Date: 2012-06-28
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2012-3053
Solution: Update to a fixed client build...
Original Advisory: Cisco:
http://tools.cisco.c...-20120627-webex

Cisco WebEx Player WRF Processing multiple vulns
- https://secunia.com/advisories/49750/
Release Date: 2012-06-28
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-3054, CVE-2012-3055, CVE-2012-3056, CVE-2012-3057
Solution: Update to a fixed client build...
Original Advisory: Cisco:
http://tools.cisco.c...-20120627-webex

- https://www.us-cert...._advisory_for31
June 29, 2012
___

- http://h-online.com/-1629845
2 July 2012

Edited by AplusWebMaster, 03 July 2012 - 05:57 AM.

#88 AplusWebMaster

Posted 12 July 2012 - 08:21 AM

FYI...

- http://tools.cisco.c...licationListing

Multiple Vulnerabilities in Cisco TelePresence Recording Server
- http://tools.cisco.c...a-20120711-ctrs
2012 July 11 - "... Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.
Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released updated software that resolves the command and code execution vulnerabilities... There are no workarounds that mitigate these vulnerabilities..."
> http://www.securityt....com/id/1027244
CVE Reference: CVE-2012-2486, CVE-2012-3073, CVE-2012-3076

Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
- http://tools.cisco.c...a-20120711-ctms
2012 July 11 - "... Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination of services and processes.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities..."
> http://www.securityt....com/id/1027241
CVE Reference: CVE-2012-2486, CVE-2012-3073

Multiple Vulnerabilities in Cisco TelePresence Manager
- http://tools.cisco.c...20120711-ctsman
2012 July 11 - "... Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination of services and processes.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities..."
> http://www.securityt....com/id/1027241
CVE Reference: CVE-2012-2486, CVE-2012-3073

Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
- http://tools.cisco.c...sa-20120711-cts
2012 July 11 - "... Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context.
Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities..."
> http://www.securityt....com/id/1027245
CVE Reference: CVE-2012-2486, CVE-2012-3074, CVE-2012-3075
___

Cisco TelePresence Immersive Endpoint Multiple Vulnerabilities
- https://secunia.com/advisories/49879/
Cisco TelePresence Recording Server Two Vulnerabilities
- https://secunia.com/advisories/49864/
Cisco TelePresence Recording Server Denial of Service Vulnerability
- https://secunia.com/advisories/49880/
Cisco TelePresence Products Denial of Service and Code Execution Vulnerabilities
- https://secunia.com/advisories/49915/

Edited by AplusWebMaster, 12 July 2012 - 08:50 AM.

#89 AplusWebMaster

Posted 07 August 2012 - 07:17 AM

FYI...

Cisco ASA SIP and WebVPN Bugs ...
- http://www.securityt....com/id/1027355
CVE Reference: CVE-2012-2472, CVE-2012-2474
Aug 7 2012
Version(s): ASA 5500 Series; 8.2 - 8.4
Description: Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.
Impact: A remote user can cause excessive memory consumption on the target system.
... vendor's advisories are available at:
http://www.cisco.com...es/asarn84.html
http://www.cisco.com...ease-Notes.html

Cisco AnyConnect Secure Mobility Client Bugs ...
- http://www.securityt....com/id/1027354
CVE Reference: CVE-2012-2498, CVE-2012-2499, CVE-2012-2500
Aug 7 2012
Version(s): 3.0 - 3.0.08066
Description: Several vulnerabilities were reported in Cisco AnyConnect Secure Mobility Client. A remote user can spoof a system.
Impact: A remote user with the ability to conduct a man-in-the-middle attack can spoof a target server.
... No fix was available for CVE-2012-2498.
The vendor's advisory is available at:
http://www.cisco.com...onnect30rn.html

Cisco IP Communicator Bug ...
- http://www.securityt....com/id/1027353
CVE Reference: CVE-2012-2490
Aug 7 2012
Version(s): 8.6
Description: A vulnerability was reported in Cisco IP Communicator. A remote user with the ability to conduct man-in-the-middle attacks can modify the Certificate Trust List.
Impact: A remote user with the ability to conduct man-in-the-middle attacks can modify the Certificate Trust List.
Solution: The vendor has issued a fix (8.6.2).
The vendor's advisory is available at:
http://www.cisco.com.../CIPC8x_RN.html

Cisco NX-OS CDP Packet Processing Flaw ...
- http://www.securityt....com/id/1027352
CVE Reference: CVE-2012-2469
Aug 7 2012
Version(s): Nexus 7000 Series Switches; 4.2, 5.0, 5.1, and 5.2
Description: A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions...
Impact: A remote user can cause the target device to reset.
Solution: The vendor has issued a fix (5.2(1)).
The vendor's advisory is available at:
http://www.cisco.com...lease_note.html

Cisco Carrier Routing System ...
- http://www.securityt....com/id/1027351
CVE Reference: CVE-2012-1342
Aug 7 2012
Version(s): 3.9, 4.0, 4.1
Description: A vulnerability was reported in Cisco Carrier Routing System. A remote user can bypass access control lists...
Impact: A remote user can bypass ACL entries.
Solution: The vendor has issued a fix (3.9.2).
The vendor's advisory is available at:
http://www.cisco.com...areid=280867577

Cisco Unified Computing System SSH Processing Flaw ...
- http://www.securityt....com/id/1027350
CVE Reference: CVE-2012-1339
Aug 7 2012
Version(s): 2.0
Description: A vulnerability was reported in Cisco Unified Computing System. A remote user can cause denial of service conditions...
Impact: A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (2.0(2m)).
The vendor's advisory is available at:
http://www.cisco.com...s/OL_25363.html

Cisco Catalyst Switch Local Web Authentication Bug ...
- http://www.securityt....com/id/1027349
CVE Reference: CVE-2012-1338
Aug 7 2012
Version(s): Catalyst 3560 and 3750 series; running IOS 15.0, 15.1
Description: A vulnerability was reported in Cisco Catalyst Switch. A remote authenticated user can cause denial of service conditions.
Impact: A remote authenticated user can cause the target device to reload.
Solution: The vendor has issued a fix (15.0(1)SE1).
The vendor's advisory is available at:
http://www.cisco.com...es/OL25302.html

Cisco MDS Fibre Channel over IP Flaw ...
- http://www.securityt....com/id/1027348
CVE Reference: CVE-2012-1340
Aug 7 2012
Version(s): 9000 Series; 4.2 and 5.2
Description: A vulnerability was reported in Cisco MDS. A remote user can cause denial of service conditions.
Impact: A remote user can cause a module reload on the target system.
Solution: The vendor has issued a fix (5.2(2)).
The vendor's advisory is available at:
http://www.cisco.com..._notes_522.html

Edited by AplusWebMaster, 07 August 2012 - 07:19 AM.

#90 AplusWebMaster

Posted 13 August 2012 - 08:01 AM

FYI...

Cisco IOS SSL VPN DoS vuln
- https://secunia.com/advisories/50264/
Release Date: 2012-08-13
Impact: DoS
Where: From remote
Operating System: Cisco IOS 15.1, Cisco IOS 15.2
CVE Reference: http://web.nvd.nist....d=CVE-2012-1344
Solution: Apply patches (please see the vendor's advisory for more information)...
Original Advisory:
http://tools.cisco.c...x?alertId=26602
"... Updates are available... Cisco IOS versions 15.1 and 15.2 are vulnerable when an affected device running the vulnerable software is configured with a clientless SSL VPN..."

> http://www.cisco.com...151-2TCAVS.html
___

Cisco Emergency Responder v8.7 released
- https://secunia.com/advisories/50266/
Release Date: 2012-08-13
Impact: DoS
Where: From local network
CVE Reference: http://web.nvd.nist....d=CVE-2012-1346
... vulnerability is reported in versions prior to 8.7.
Solution: Update to version 8.7.
Original Advisory:
http://tools.cisco.c...x?alertId=26610

> https://www.cisco.co...chapter_00.html

Edited by AplusWebMaster, 13 August 2012 - 11:44 AM.

#91 AplusWebMaster

Posted 16 August 2012 - 09:43 AM

FYI...

> http://tools.cisco.c...cationListing.x

Cisco IOS XR Software Route Processor DoS vuln
- http://tools.cisco.c...-20120530-iosxr
2012 August 15 Rev 2.0
"Summary: Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch Processor 440 (RSP440), and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Cisco has released free software updates that address this vulnerability..."

#92 AplusWebMaster

Posted 13 September 2012 - 03:34 PM

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Unified Presence / Jabber XCP Stream update available
- https://secunia.com/advisories/50562/
Release Date: 2012-09-13
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Software: Cisco Jabber Extensible Communications Platform (Jabber XCP) 5.x, Cisco Unified Presence 8.x ...
CVE Reference: http://web.nvd.nist....d=CVE-2012-3935 - 7.8 (HIGH)
Original Advisory:
http://tools.cisco.c...20120912-cupxcp
"... Successful exploitation of this vulnerability could cause the Connection Manager process to crash. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability..."

Cisco ASA-CX / Cisco PRSM update available
- https://secunia.com/advisories/50592/
Release Date: 2012-09-13
Impact: DoS
Where: From local network
Software: Cisco ASA-CX Context-Aware Security 9.x, Cisco Prime Security Manager (PRSM) 9.x
... security issue is reported in versions prior to 9.0.2-103.
CVE Reference: http://web.nvd.nist....d=CVE-2012-4629 - 7.8 (HIGH)
Solution: Update to version 9.0.2-103.
Original Advisory:
http://tools.cisco.c...-20120912-asacx
"... There are no workarounds for this vulnerability, but some mitigations are available. Cisco has released free software updates that address this vulnerability..."

Edited by AplusWebMaster, 13 September 2012 - 03:48 PM.

#93 AplusWebMaster

Posted 19 September 2012 - 12:22 PM

FYI...

Cisco IOS SSLVPN DoS vuln - IOS 15.2(1)T3 released
- https://secunia.com/advisories/50676/
Release Date: 2012-09-19
Impact: DoS
Where: From local network
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2012-3923
- http://web.nvd.nist....d=CVE-2012-3924
... vulnerability has been reported in Cisco IOS, which can be exploited by malicious users to cause a DoS...
... vulnerability is reported in versions prior to 15.2(1)T3.
Operating System: Cisco IOS 15.2
Solution: Update to version 15.2(1)T3.
Original Advisory: Cisco (CSCte41827, CSCty97961):
http://www.cisco.com...152-1TCAVS.html
___

- http://tools.cisco.c...cationListing.x

Cisco AnyConnect Secure Mobility Client ...
- http://tools.cisco.c...-sa-20120620-ac
Revision 2.0
Last Updated: 2012 September 19

Edited by AplusWebMaster, 19 September 2012 - 12:58 PM.

#94 AplusWebMaster

Posted 27 September 2012 - 05:26 AM

FYI...

> http://tools.cisco.c...cationListing.x

>> http://www.cisco.com..._ERP_sep12.html
Sep 26, 2012 - "... semiannual Cisco IOS Software Security Advisory Bundled Publication..."

Cisco IOS Software Session Initiation Protocol DoS vuln
- http://tools.cisco.c...sa-20120926-sip
2012 Sep 26 - Summary: A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause an affected device to reload. Affected devices must be configured to process SIP messages and for pass-through of Session Description Protocol (SDP) for this vulnerability to be exploitable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerability...

Cisco Unified Communications Manager Session Initiation Protocol DoS vuln
- http://tools.cisco.c...a-20120926-cucm
2012 Sep 26 - Summary: Cisco Unified Communications Manager contains a vulnerability in its Session Initiation Protocol (SIP) implementation that could allow an unauthenticated, remote attacker to cause a critical service to fail, which could interrupt voice services. Affected devices must be configured to process SIP messages for this vulnerability to be exploitable. Cisco has released free software updates that address this vulnerability. A workaround exists for customers who do not require SIP in their environment...

Cisco IOS Software Tunneled Traffic Queue Wedge vuln
- http://tools.cisco.c...26-c10k-tunnels
2012 Sep 26 - Summary: Cisco IOS Software contains a queue wedge vulnerability that can be triggered when processing IP tunneled packets. Only Cisco IOS Software running on the Cisco 10000 Series router has been demonstrated to be affected. Successful exploitation of this vulnerability may prevent traffic from transiting the affected interfaces. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability...

Cisco IOS Software DHCP DoS vuln
- http://tools.cisco.c...a-20120926-dhcp
2012 Sep 26 - Summary: Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a single DHCP packet to or through an affected device, causing the device to reload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available...

Cisco IOS Software Network Address Translation vulns
- http://tools.cisco.c...sa-20120926-nat
2012 Sep 26 - Summary: The Cisco IOS Software Network Address Translation (NAT) feature contains two denial of service (DoS) vulnerabilities in the translation of IP packets. The vulnerabilities are caused when packets in transit on the vulnerable device require translation. Cisco has released free software updates that address these vulnerabilities...

Cisco IOS Software Intrusion Prevention System DoS vuln
- http://tools.cisco.c...0120926-ios-ips
2012 Sep 26 - Summary: Cisco IOS Software contains a vulnerability in the Intrusion Prevention System (IPS) feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if specific Cisco IOS IPS configurations exist. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available...

Cisco IOS Software DHCP Version 6 Server DoS vuln
- http://tools.cisco.c...20120926-dhcpv6
2012 Sep 26 - Summary: Cisco IOS Software and Cisco IOS XE Software contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a crafted request to an affected device that has the DHCP version 6 (DHCPv6) server feature enabled, causing a reload. Cisco has released free software updates that address this vulnerability...

Cisco IOS Software Malformed Border Gateway Protocol Attribute vuln
- http://tools.cisco.c...sa-20120926-bgp
2012 Sep 26 - Summary: Cisco IOS Software contains a vulnerability in the Border Gateway Protocol (BGP) routing protocol feature. The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session. Successful exploitation of this vulnerability can cause all BGP sessions to reset. Repeated exploitation may result in an inability to route packets to BGP neighbors during reconvergence times. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability...

Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E DoS vuln
- http://tools.cisco.c...sa-20120926-ecc
2012 Sep 26 - Summary: The Catalyst 4500E series switch with Supervisor Engine 7L-E contains a denial of service (DoS) vulnerability when processing specially crafted packets that can cause a reload of the device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...

Edited by AplusWebMaster, 27 September 2012 - 09:52 AM.

#95 AplusWebMaster

Posted 11 October 2012 - 07:03 AM

FYI...

> http://tools.cisco.c...cationListing.x

Cisco Firewall Services Module
- http://tools.cisco.c...a-20121010-fwsm
2012 October 10
Summary: The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities:
DCERPC Inspection Buffer Overflow Vulnerability
DCERPC Inspection Denial Of Service Vulnerabilities
... Exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to trigger a reload of the affected device, or to execute arbitrary commands. Repeated exploitation could result in a denial of service (DoS) condition.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities...
> http://www.securityt....com/id/1027640
CVE Reference: CVE-2012-4661, CVE-2012-4662, CVE-2012-4663
Oct 10 2012
- https://secunia.com/advisories/50857/
Release Date: 2012-10-11
Criticality level: Moderately critical
Impact: DoS, System access
Where: From local network
Software: Cisco Firewall Services Module (FWSM) 4.x
CVE Reference(s): CVE-2012-4661, CVE-2012-4662, CVE-2012-4663
... vulnerability affects versions prior to 4.1(7).
Solution: Update to version 4.1(9).

Cisco WebEx Recording Format Player
- http://tools.cisco.c...-20121010-webex
2012 October 10
Summary: The Cisco WebEx Recording Format (WRF) player contains six buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user... If the Cisco WebEx WRF Player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the Cisco WebEx WRF Player was manually installed, users will need to manually install a new version of the Cisco WebEx WRF Player after downloading the latest version from http://www.webex.com...-recording.html . Cisco has updated affected versions of the WebEx meeting sites and Cisco WebEx WRF Player to address these vulnerabilities...
> http://www.securityt....com/id/1027639
CVE Reference: CVE-2012-3936, CVE-2012-3937, CVE-2012-3938, CVE-2012-3939, CVE-2012-3940, CVE-2012-3941
Oct 10 2012
Impact: Execution of arbitrary code via network, User access via network
Solution: The vendor has issued a fix (27.32.10 (T27LDSP32EP10), 28.4 (T28.4))...
- https://secunia.com/advisories/50905/
Release Date: 2012-10-11
Criticality level: Highly critical
Impact: System access
Where: From remote...
Software: WebEx Recording Format Player
CVE Reference(s): CVE-2012-3936, CVE-2012-3937, CVE-2012-3938, CVE-2012-3939, CVE-2012-3940, CVE-2012-3941
Solution: Update to version 28.4 or 27.32.10.

Cisco ASA 5500 Series Adaptive Security Appliances / Catalyst 6500 Series ASA Services Module
- http://tools.cisco.c...sa-20121010-asa
2012 October 10
Summary: Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities:
DHCP Memory Allocation Denial of Service Vulnerability
SSL VPN Authentication Denial of Service Vulnerability
SIP Inspection Media Update Denial of Service Vulnerability
DCERPC Inspection Buffer Overflow Vulnerability
Two DCERPC Inspection Denial Of Service Vulnerabilities...
Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of these vulnerabilities...
> http://www.securityt....com/id/1027641
CVE Reference: CVE-2012-4643, CVE-2012-4659, CVE-2012-4660, CVE-2012-4661, CVE-2012-4662, CVE-2012-4663
Oct 10 2012
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Solution: The vendor has issued a fix (7.2(5.8), 8.0(5.28), 8.1(2.56), 8.2(5.33), 8.3(2.34), 8.4(4.5), 8.5(1.14), 8.6(1.5))...
- https://secunia.com/advisories/50871/
Release Date: 2012-10-11
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote
Operating System: Cisco Adaptive Security Appliance (ASA) 7.x - 8.x, Cisco ASA 5500 Series Adaptive Security Appliances
CVE Reference(s): CVE-2012-4643, CVE-2012-4659, CVE-2012-4660, CVE-2012-4661, CVE-2012-4662, CVE-2012-4663
For more information: https://secunia.com/SA50857/
Solution: Update to version 7.2(5.8), 8.0(5.28), 8.1(2.56), 8.2(5.33), 8.3(2.34), 8.4(4.5), 8.5(1.14), or 8.6(1.5)...

Edited by AplusWebMaster, 11 October 2012 - 09:31 AM.

#96 AplusWebMaster

Posted 01 November 2012 - 07:03 AM

FYI...

> http://tools.cisco.c...cationListing.x

Cisco Prime Data Center Network Manager vuln
- http://tools.cisco.c...a-20121031-dcnm
2012 Oct 31 - "Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released free software updates that address this vulnerability...
Vulnerable Products: All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability..."

- https://secunia.com/advisories/51129/
Release Date: 2012-11-01
Criticality level: Moderately critical
Impact: System access
Where: From local network
CVE Reference: http://web.nvd.nist....d=CVE-2012-5417 - 10.0 (HIGH)
... security issue is reported in versions prior to 6.1(1).
Solution: Update to version 6.1(1).
Original Advisory: Cisco:
http://tools.cisco.c...a-20121031-dcnm
___

Cisco Unified MeetingPlace Web Conferencing vulns
- http://tools.cisco.c...-sa-20121031-mp
2012 Oct 31 - "Cisco Unified MeetingPlace Web Conferencing is affected by two vulnerabilities:
Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability...
Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities..."

- https://secunia.com/advisories/51103/
Release Date: 2012-11-01
Impact: Manipulation of data, DoS
Where: From local network
CVE Reference(s):
- https://web.nvd.nist...d=CVE-2012-0337 - 6.5
- https://web.nvd.nist...d=CVE-2012-5416 - 7.8 (HIGH)
... vulnerabilities are reported in versions prior to 7.0, 7.0, 7.1, 8.0, and 8.5.
Solution: Update to version 7.1MR1 Patch 1, 8.0MR1 Patch 1, or 8.5MR3.
Original Advisory: Cisco:
http://tools.cisco.c...-sa-20121031-mp

Edited by AplusWebMaster, 02 November 2012 - 01:35 PM.

#97 AplusWebMaster

Posted 07 November 2012 - 05:23 PM

FYI...

> http://tools.cisco.c...cationListing.x

Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
- http://tools.cisco.c...sa-20121107-acs
2012 Nov 7 - "Summary: Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is configured with a Lightweight Directory Access Protocol (LDAP) external identity store.
An attacker may exploit this vulnerability by sending a special sequence of characters when prompted for the user password. The attacker would need to know a valid username stored in the LDAP external identity store to exploit this vulnerability, and the exploitation is limited to impersonate only that user. An exploit could allow the attacker to successfully authenticate to any system using TACACS+ in combination with an affected Cisco Secure ACS.
Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability..."

#98 AplusWebMaster

Posted 09 November 2012 - 02:43 PM

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Ironport Appliances Sophos Anti-Virus Vulnerabilities
- http://tools.cisco.c...20121108-sophos
2012 Nov 9 - "Summary: Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition. An attacker could exploit these vulnerabilities by sending malformed files to an appliance that is running Sophos Anti-Virus. The malformed files could cause the Sophos antivirus engine to behave unexpectedly. As updates that address these vulnerabilities become available from Sophos, Cisco is working to qualify and automatically provision them through the Cisco Ironport ESA and WSA platforms...
Workarounds: Only Cisco Ironport ESA and WSA running Sophos Anti-Virus are vulnerable. Appliances running other antivirus programs are not affected. To mitigate this issue, customers can configure the Cisco Ironport appliances to use an alternate antivirus program. Cisco is providing 30-day trial licenses for McAfee AntiVirus through Ironport Technical Support as an interim workaround. To obtain a 30-day McAfee license please contact Ironport Technical Support at http://www.ironport....ct_support.html
Customers can enable the 30-day evaluation key by accessing Security Services > Sophos/McAfee Anti-Virus pages in the Web GUI or by running the antivirusconfig command in the CLI..."

#99 AplusWebMaster

Posted 09 January 2013 - 07:13 PM

FYI...

> http://tools.cisco.c...cationListing.x

Cisco Prime LAN Management Solution Command Execution vuln
- http://tools.cisco.c...sa-20130109-lms
2013 Jan 9 - "Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability..."
- https://secunia.com/advisories/51814/
Release Date: 2013-01-10
Criticality level: Moderately critical
Impact: System access
Where: From local network...
Solution: Update to version 4.2.3 or apply patches.

Cisco Unified IP Phone Local Kernel System Call Input Validation vuln
- http://tools.cisco.c...130109-uipphone
2013 Jan 9 - "Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges... Mitigations are available to help reduce the attack surface of affected devices. See the "Details" section of this security advisory and the accompanying Cisco Applied Mitigation Bulletin (AMB) for additional information..."
- https://secunia.com/advisories/51768/
Last Update: 2013-01-18
Solution: The vendor has released Engineering Special 9.3(1)-ES11, which mitigates the vulnerability...
Original Advisory:
http://tools.cisco.c...130109-uipphone

Edited by AplusWebMaster, 20 January 2013 - 11:12 AM.

#100 AplusWebMaster

Posted 16 January 2013 - 03:01 PM

FYI...

- http://tools.cisco.c...cationListing.x

Cisco ASA 1000V Cloud Firewall - DoS vuln
- http://tools.cisco.c...130116-asa1000v
2013 Jan 16 - "Summary: A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released free software updates that address this vulnerability...
Note: Only Cisco ASA Software for the Cisco ASA 1000V Cloud Firewall is affected by the vulnerability described in this advisory. Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module or Cisco Catalyst 6500 Series Firewall Services Module (FWSM) are not affected by this vulnerability..."

- https://secunia.com/advisories/51897/
Release Date: 2013-01-16
Criticality level: Moderately critical
Impact: DoS
Where: From remote...
Solution: Update to version 8.7.1.3.
 
