free software
Summary
=======
A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP)
where an authenticated user can create, modify, or delete a superuser
account. Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080521-cvp.shtml.
the CSM or CSM-S is configured for layer 7 load balancing. An attacker
can trigger this vulnerability when the CSM or CSM-S processes TCP
segments with a specific combination of TCP flags while servers behind
the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml.
when malformed UDP packets are sent to a vulnerable device. The
vulnerable UDP port numbers depend on the device configuration.
Default ports are not used for the vulnerable UDP IP SLA operation or
for the UDP responder ports.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml.
An unauthenticated attacker may be able to exploit this issue to access
sensitive information, including the password files and system logs,
which could be leveraged to launch subsequent attacks.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is posted at:
vulnerabilities are independent of each other.
Exploitation of these vulnerabilities could result in a DoS condition or an
information disclosure.
Cisco has released free software updates that address these vulnerabilities in
the latest versions of Cisco Unified Contact Center products.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml
Two vulnerabilities exist in Cisco Unified Service Monitor and Cisco
Unified Operations Manager software that could allow an
unauthenticated, remote attacker to execute arbitrary code on
affected servers.
Cisco has released free software updates that address these
vulnerabilities.
There are no workarounds available to mitigate these vulnerabilities.
This advisory is posted at:
malicious user to create extra multicast states on the core routers
or receive multicast traffic from other Multiprotocol Label Switching
(MPLS) based Virtual Private Networks (VPN) by sending specially
crafted messages.
Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
An unprivileged user could take advantage of this vulnerability to
gain full administrative access on the device or view another user's
credentials.
Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available on some devices.
This advisory is posted at:
the LocalSystem account.
A workaround exists for one of the two vulnerabilities disclosed in this
advisory.
Cisco has made free software available to address these vulnerabilities
for affected customers.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml.
vulnerabilities are:
* Crafted IPv6 Packet May Cause MPLS-Configured Device to Reload
* ICMPv6 Packet May Cause MPLS-Configured Device to Reload
Cisco has released free software updates that address these
vulnerabilities.
Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at
Cisco Network Access Control (NAC) Guest Server system software
contains a vulnerability in the RADIUS authentication software that
may allow an unauthenticated user to access the protected network.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110330-nac.shtml
implementation in Cisco IOS® Software that could allow an
unauthenticated attacker to cause a denial of service (DoS) condition
on an affected device when the Cisco Unified Border Element feature
is enabled.
Cisco has released free software updates that address this
vulnerability. For devices that must run SIP there are no
workarounds; however, mitigations are available to limit exposure of
the vulnerability.
This advisory is posted at:
Policy Firewall Session Initiation Protocol (SIP) inspection are
vulnerable to denial of service (DoS) attacks when processing a
specific SIP transit packet. Exploitation of the vulnerability could
result in a reload of the affected device.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is posted at:
to crash. Repeated exploitation could result in a sustained DoS
condition.
These vulnerabilities are independent of each other.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml
Cisco Unified Communications Manager contains a memory leak
vulnerability that could be triggered through the processing of
malformed Session Initiation Protocol (SIP) messages. Exploitation of
this vulnerability could cause an interruption of voice services.
Cisco has released free software updates for supported Cisco Unified
Communications Manager versions to address the vulnerability. A
workaround exists for this SIP vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml.
Skinny Client Control Protocol (SCCP) crafted messages may cause a
Cisco IOS device that is configured with the Network Address
Translation (NAT) SCCP Fragmentation Support feature to reload.
Cisco has released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available.
This advisory is posted at:
Cisco Unified Presence contains three denial of service (DoS)
vulnerabilities that may cause an interruption in presence services.
These vulnerabilities were discovered internally by Cisco, and there
are no workarounds.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml.
Recovery Framework (DRF) feature. A remote, unauthenticated user
could exploit this vulnerability to execute arbitrary commands that
may allow full administrative access to affected systems. There is a
workaround for this vulnerability.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080403-drf.shtml
that could allow unauthorized users to gain access to the IronPort
Encryption Appliance administration interface and modify other users'
settings. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
Cisco Unified Communications Manager, formerly Cisco Unified
CallManager, contains two denial of service (DoS) vulnerabilities in
the Session Initiation Protocol (SIP) service. An exploit of these
vulnerabilities may cause an interruption in voice services.
Cisco will release free software updates that address these
vulnerabilities and this advisory will be updated as fixed software
becomes available. There are no workarounds for these
vulnerabilities.
Note: Cisco IOS software is also affected by the vulnerabilities
when users access a WRF file hosted on a WebEx server. If the WebEx
WRF Player was manually installed, users will need to manually install
a new version of the player after downloading the latest version from
www.webex.com.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20091216-webex.shtml.
(FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600
Series Routers that may cause the Cisco FWSM to reload after
processing crafted SunRPC or certain TCP packets. Repeated
exploitation could result in a sustained DoS condition.
Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for the vulnerabilities
disclosed in this advisory.
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH
Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching
Platform contains a vulnerability when processing TCP traffic streams
that may result in a reload of the device control card.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability. Several
mitigations exist that can limit the exposure of this vulnerability.
A vulnerability in the Internet Group Management Protocol (IGMP)
version 3 implementation of Cisco IOS Software and Cisco IOS XE
Software allows a remote unauthenticated attacker to cause a reload
of an affected device. Repeated attempts to exploit this
vulnerability could result in a sustained denial of service (DoS)
condition. Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml
on the device and one vulnerability that allows remote,
unauthenticated users to execute arbitrary code with elevated
privileges. There are workarounds available to mitigate these
vulnerabilities.
Cisco has released free software updates that address these
vulnerabilities. This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml
Affected Products
Cisco NX-OS Software is affected by a denial of service (DoS)
vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series
Switches that are running affected versions of Cisco NX-OS Software to
reload when the IP stack processes a malformed IP packet.
Cisco has released free software updates that address this
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120215-nxos
role-based CLI access, are not affected by this vulnerability.
This vulnerability does not apply to the Cisco IOS SCP client
feature.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds available for this vulnerability apart from
disabling either the SCP server or the CLI view feature if these
services are not required by administrators.
* Crypto Accelerator Memory Leak Vulnerability
Note: These vulnerabilities are independent of each other. A device may
be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml.
Cisco IPS Event Viewer (IEV) that results in open TCP ports on both
the Cisco Security Manager server and IEV client. An unauthenticated,
remote attacker could leverage this vulnerability to access the MySQL
databases or IEV server.
Cisco has released free software updates that address this
vulnerability. A workaround is also available to mitigate this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml