FYI...
- http://tools.cisco.c...cationListing.x
Cisco Firewall Services - Multiple Vulnerabilities
- http://tools.cisco.c...a-20131009-fwsm
2013 Oct 9 - "Summary: Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities:
Cisco FWSM Command Authorization Vulnerability
SQL*Net Inspection Engine Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other. Successful exploitation of the Cisco FWSM Command Authorization Vulnerability may result in a complete compromise of the confidentiality, integrity and availability of the affected system. Successful exploitation of the SQL*Net Inspection Engine Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available..."
- http://www.securityt....com/id/1029163
CVE Reference: CVE-2013-5506, CVE-2013-5508
Oct 9 2013
Impact: Denial of service via network, Disclosure of system information, Modification of system information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 3.2(27), 4.1(14)...
Solution: The vendor has issued a fix (3.2(27), 4.1(14))...
Cisco ASA Software - Multiple Vulnerabilities
- http://tools.cisco.c...sa-20131009-asa
Last Updated 2013 Oct 10 - Revision 1.1 - "Summary: Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:
IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability
SQL*Net Inspection Engine Denial of Service Vulnerability
Digital Certificate Authentication Bypass Vulnerability
Remote Access VPN Authentication Bypass Vulnerability
Digital Certificate HTTP Authentication Bypass Vulnerability
HTTP Deep Packet Inspection Denial of Service Vulnerability
DNS Inspection Denial of Service Vulnerability
AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability
Clientless SSL VPN Denial of Service Vulnerability ...
Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of the vulnerabilities..."
Revision 2.2 - 2013-Dec-13 - Corrected some information about the SSL VPN Web Portal Denial of Service Vulnerability - CSCua22709
- http://www.securityt....com/id/1029162
CVE Reference: CVE-2013-3415, CVE-2013-5507, CVE-2013-5508, CVE-2013-5509, CVE-2013-5510, CVE-2013-5511, CVE-2013-5512, CVE-2013-5513, CVE-2013-5515
Oct 9 2013
Impact: Denial of service via network, Host/resource access via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Cisco ASA 5510, Cisco ASA 5520, Cisco ASA 5540, and Cisco ASA 5550 are not affected...
Solution: The vendor has issued a fix (7.2(5.12), 8.2(5.46), 8.3(2.39), 8.4(7), 8.5(1.18), 8.6(1.12), 8.7(1.7), 9.0(3.6), 9.1(2.8))...
Edited by AplusWebMaster, 17 December 2013 - 10:09 AM.