affected
Summary
=======
A device running Cisco IOS software that has Internet Protocol
version 6 (IPv6) enabled may be subject to a denial of service (DoS)
attack. For the device to be affected by this vulnerability the
device also has to have certain Internet Protocol version 4 (IPv4)
User Datagram Protocol (UDP) services enabled. To exploit this
vulnerability an offending IPv6 packet must be targeted to the
device. Packets that are routed through the router cannot trigger
this vulnerability. Successful exploitation will prevent the
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
The Cisco Discovery Protocol Remote Code Execution vulnerability
affects Cisco TelePresence endpoint devices, Manager, Multipoint
Switch, and Recording Server. The defect that is related to each
component is covered in each associated advisory. The Cisco bug IDs
for these defects are as follows:
* Cisco TelePresence endpoint devices (CSCtd75754)
Summary
=======
Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS Software that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled. Remote code execution may also
be possible.
Cisco has released free software updates that address these
vulnerabilities. For devices that must run SIP there are no
in the Service Console (column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
default, but its use is highly recommended as a security best
practice for management of Cisco IOS devices. SSH can be configured
as part of the AutoSecure feature in the initial configuration of IOS
devices, AutoSecure run after initial configuration, or manually.
Devices that are not configured to accept SSH connections are not
affected by these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159
has been assigned to this vulnerability.
This advisory is posted at
+---------------------------------------------------------------------
Summary
=======
Cisco IOS Software is affected by two vulnerabilities that cause a
Cisco IOS device to reload when processing IP version 6 (IPv6)
packets over a Multiprotocol Label Switching (MPLS) domain. These
vulnerabilities are:
* Crafted IPv6 Packet May Cause MPLS-Configured Device to Reload
display a malicious file if they manage to get their file onto the
system prior to installation.
The issue can only be exploited at the time that Workstation 7.x or
Player 3.x is being installed. Installed versions of Workstation and
Player are not affected. The security issue is no longer present in
the installer of the new versions of Workstation 7.x and Player 3.x
(see table below for the version numbers).
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3277 to this issue.
configuration. This configuration file may include passwords or other
sensitive information.
The IOS Secure Copy Server is an optional service that is disabled by
default. Devices that are not specifically configured to enable the IOS
Secure Copy Server service are not affected by this vulnerability.
This vulnerability does not apply to the IOS Secure Copy Client
feature.
This advisory is posted at
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  ===========================
VirtualCenter  any       Windows  not affected
Workstation    6.5.x     any      6.5.3 build 185404 or later
Player         2.5.x     any      2.5.3 build 185404 or later
The first four vulnerabilities may lead to a denial of service (DoS)
condition and the fifth vulnerability may allow an attacker to bypass
control-plane access control lists (ACL).
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted*        any       any      not affected
ESXi           any       any      not affected
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
Workarounds that mitigate these vulnerabilities are not available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml.
Affected Products
=================
The service policy bypass vulnerability affects all versions of the
Cisco IOS Software for the CSG2 prior to the first fixed release, as
indicated in the "Software Versions and Fixes" section of this advisory.
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
Vulnerable Products
+------------------
The Cisco IOS SCP server is an optional service that is disabled by
default. CLI views are a fundamental component of the Cisco IOS
Role-Based CLI Access feature, which is also disabled by default.
Devices that are not specifically configured to enable the Cisco IOS
SCP server, or that are configured to use it but do not use
role-based CLI access, are not affected by this vulnerability.
This vulnerability does not apply to the Cisco IOS SCP client
feature.
Cisco has released free software updates that address this
A third vulnerability may cause access control list (ACL) entries to not
be evaluated after the access list has been manipulated.
Note: These vulnerabilities are independent of each other; a device may
be affected by one and not by the others.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml.
Affected Products
Summary
=======
Cisco IOS Software contains a vulnerability in the IP version 6
(IPv6) protocol stack implementation that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device that has IPv6 enabled. The vulnerability may be triggered when
the device processes a malformed IPv6 packet.
Cisco has released free software updates that address this
vulnerability. There are no workarounds to mitigate this
=======
A vulnerability exists in the Session Initiation Protocol (SIP)
implementation in Cisco IOS® Software that could allow an
unauthenticated attacker to cause a denial of service (DoS) condition
on an affected device when the Cisco Unified Border Element feature
is enabled.
Cisco has released free software updates that address this
vulnerability. For devices that must run SIP there are no
workarounds; however, mitigations are available to limit exposure of
* Administrative level access via default user names and passwords
* Privilege escalation
* A denial of service (DoS) condition
Cisco has released free software updates available for affected
customers. Workarounds that mitigate some of the vulnerabilities are
available.
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
+---------------------------------------------------------------------
Summary
=======
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* Transparent Firewall Packet Buffer Exhaustion Vulnerability
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
Due to a manufacturing error, Cisco TelePresence System Integrator C
Series and Cisco TelePresence EX Series devices that were distributed
between November 18th, 2010 and September 19th, 2011 may have the root
account enabled.
Information on how to identify affected devices is available in the
Details section of this advisory.
Information on how to remediate this issue is available in the
Workarounds section of this advisory.
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
Vulnerable Products
+------------------
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml
Affected Products
=================
The following product is affected by this vulnerability:
* Cisco Industrial Ethernet 3000 Series Switches
+---------------------------------------------------------------------
Summary
=======
The Management Center for Cisco Security Agents is affected by a
directory traversal vulnerability and a SQL injection vulnerability.
Successful exploitation of the directory traversal vulnerability may
allow an authenticated attacker to view and download arbitrary files
from the server hosting the Management Center. Successful
exploitation of the SQL injection vulnerability may allow an
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml.
Affected Products
=================
Vulnerable Products
+------------------
(column 4) if a solution is available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
Summary
=======
A vulnerability exists in the Cisco IOS software implementation of
Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS
software releases.
Several features enable the L2TP mgmt daemon process within Cisco IOS
software, including but not limited to Layer 2 virtual private
networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack
=======
Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram
Protocol (UDP) based Inter-Process Communication (IPC) channel that
is externally reachable. An attacker could exploit this vulnerability
to cause a denial of service (DoS) condition on affected devices. No
other platforms are affected.
Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.
an attacker to more easily forge DNS answers that can poison DNS caches.
To exploit this vulnerability an attacker must be able to cause a
vulnerable DNS server to perform recursive DNS queries. Therefore, DNS
servers that are only authoritative, or servers where recursion is not
allowed, are not affected.
Cisco has released free software updates that address this vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml.
process or potentially execute code on the host.
Workaround
- Configure virtual machines to use less than 4 GB of memory.
Virtual machines that have less than 4GB of memory are
not affected.
Mitigation
- Do not allow untrusted users access to your virtual machines.
Root or Administrator level permissions are not required to
exploit this issue.