Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability

based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.


Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability

based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.


AST-2009-003: SIP responses expose valid usernames

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |  Release   |                              |
   |                            |   Series   |                              |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |   1.2.x    | All versions prior to 1.2.32 |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |   1.4.x    | All versions prior to        |
   |                            |            | 1.4.24.1                     |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |  1.6.0.x   | All versions prior to        |

AST-2009-001: Information leak in IAX2 authentication

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | All versions prior to 1.2.31    |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | All versions prior to           |
   |                            |         | 1.4.23-rc4                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All versions prior to           |

AST-2009-008: SIP responses expose valid usernames

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | All versions prior to 1.2.35    |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | All versions prior to 1.4.26.3  |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.17  |
   |----------------------------+---------+---------------------------------|

Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

Erroneous SIP Processing Vulnerabilities

Cisco PIX and Cisco ASA devices configured for SIP inspection are
vulnerable to multiple processing errors that may result in denial of
service attacks. Cisco PIX and ASA software versions prior to
7.0(7)16, 7.1(2)71, 7.2(4)7, 8.0(3)20, and 8.1(1)8 are vulnerable to
these SIP processing errors.

IPSec Client Authentication Processing Vulnerability


Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities

+------------------

The following Cisco Unified Communications Manager versions are
affected:

  * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR8
  * Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR4b
  * Cisco Unified CallManager 4.3 versions prior to 4.3(2)SR1a
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3d)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(2)

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Vulnerable Products
+------------------

These products are vulnerable:

  * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR7
  * Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
  * Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(1)


AST-2008-006 - 3-way handshake in IAX2 incomplete

   +------------------------------------------------------------------------+
   | Commentary | We would like to thank Javantea for notifying us of this  |
   |            | problem; however, we note that he posted exploit code     |
   |            | prior to that notification, which is considered           |
   |            | irresponsible behavior in the whitehat security industry. |
   |            | In the future, advance notice of any such release would   |
   |            | be appreciated.                                           |
   +------------------------------------------------------------------------+


AST-2008-003: Unauthenticated calls allowed from SIP channel driver

   |           Product            | Release |                               |
   |                              | Series  |                               |
   |------------------------------+---------+-------------------------------|
   |     Asterisk Open Source     |  1.0.x  | All versions                  |
   |------------------------------+---------+-------------------------------|
   |     Asterisk Open Source     |  1.2.x  | All versions prior to 1.2.27  |
   |------------------------------+---------+-------------------------------|
   |     Asterisk Open Source     |  1.4.x  | All versions prior to         |
   |                              |         | 1.4.18.1 and 1.4.19-rc3       |
   |------------------------------+---------+-------------------------------|
   |  Asterisk Business Edition   |  A.x.x  | All versions                  |

Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

Affected Products
=================

The service policy bypass vulnerability affects all versions of the
Cisco IOS Software for the CSG2 prior to the first fixed release, as
indicated in the "Software Versions and Fixes" section of this advisory.

The two denial of service vulnerabilities only affect Cisco IOS Software
Release 12.4(24)MD1 on the Cisco CSG2. No other Cisco IOS Software
releases are affected.

Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints

Summary
=======

Tandberg C Series Endpoints and E/EX Personal Video units that are
running software versions prior to TC4.0.0 ship with a root
administrator account that is enabled by default with no password. An
attacker could use this account in order to modify the application
configuration or operating system settings.

Resolving this default password issue does not require a software

Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600

Summary
=======

Cisco Media Experience Engine (MXE) 5600 devices that are running
Cisco Media Processing Software releases prior to 1.2 ship with a
root administrator account that is enabled by default with a default
password. An unauthorized user could use this account to modify the
software configuration and operating system settings or gain complete
administrative control of the device. A software upgrade is not
required to resolve this vulnerability. Customers can change the root

Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

in the following table:

+------------------------------------------------------------+
|   Vulnerability   | Platform  |     Affected Versions      |
|-------------------+-----------+----------------------------|
|                   | Microsoft | All versions prior to      |
|                   | Windows   | 2.3.185                    |
|                   |-----------+----------------------------|
| Arbitrary Program |           |   * All versions in major  |
| Execution         |           |     releases other than    |
| Vulnerability     | Linux,    |     2.5.x and 3.0.x.       |

Cisco Security Advisory: Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability

an ACL.

Vulnerable Products
+------------------

All Cisco Nexus 5000 NX-OS Software Releases 5.0(2) and 5.0(3) prior
to 5.0(3)N2(1) are affected by this vulnerability.

Note: Cisco Nexus 5000 NX-OS Software Releases 4.x are not affected
by this vulnerability.


Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability

based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.


Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities

based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.


Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.


Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability

software.

Cisco Unified Presence
+---------------------

All versions of Cisco Unified Presence prior to 8.5(4) are affected
by the vulnerability in this advisory.

Jabber XCP and JabberNow Appliances
+----------------------------------


Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities

based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.


Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability

based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.


Cisco Security Advisory: Cisco ONS Platform Crafted Packet Vulnerability

based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.


VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities

III. AFFECTED PRODUCTS
--------------------------------

Adobe Reader version 9.1.3 and prior
Adobe Reader version 8.1.6 and prior
Adobe Reader version 7.1.3 and prior
Adobe Acrobat version 9.1.3 and prior
Adobe Acrobat version 8.1.6 and prior
Adobe Acrobat version 7.1.3 and prior

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability

III. AFFECTED PRODUCTS
--------------------------------

Sun Java JDK version 6 Update 18 and prior
Sun Java JDK version 5.0 Update 23 and prior
Sun Java JRE version 6 Update 18 and prior
Sun Java JRE version 5.0 Update 23 and prior
Sun Java JRE version 1.4.2_25 and prior
Sun Java SDK version 1.4.2_25 and prior

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer Vulnerability

III. AFFECTED PRODUCTS
--------------------------------

Sun Java JDK version 6 Update 18 and prior
Sun Java JDK version 5.0 Update 23 and prior
Sun Java JRE version 6 Update 18 and prior
Sun Java JRE version 5.0 Update 23 and prior
Sun Java JRE version 1.4.2_25 and prior
Sun Java SDK version 1.4.2_25 and prior

TELUS Security Labs VR - ACDSee Systems ACDSee Products XBM File Handling Buffer Overflow

TSL ID: FSC20100108-01

1. Affected Software

  ACD Systems ACDSee Photo Editor 2008 build 286 and prior
  ACD Systems ACDSee Photo Manager 8.1 build 99 and prior
  ACD Systems ACDSee Photo Manager 9.0 build 108 and prior

2. Vulnerability Summary


TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow

TSL ID: FSC20100701-01

1. Affected Software

  iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
  SCST project iscsi-scst 1.0.1.1 and prior
  tgt project tgt 1.0.5 and prior

References: 


Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

+------------------

The following Cisco Unified Communications Manager versions are
affected:

  * Cisco Unified Communications Manager 5.x versions prior to 5.1(3g)
  * Cisco Unified Communications Manager 6.x versions prior to 6.1(4)
  * Cisco Unified Communications Manager 7.0.x versions prior to 7.0(2a)su1
  * Cisco Unified Communications Manager 7.1.x versions prior to 7.1(2)

Cisco Unified CallManager versions 4.x are not affected by this

Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities

+------------------

The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:

  * All PostX 6.2.1 versions prior to 6.2.1.1
  * All PostX 6.2.2 versions prior to 6.2.2.3
  * All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
  * All IronPort Encryption Appliance/PostX 6.2.5 versions
  * All IronPort Encryption Appliance/PostX 6.2.6 versions
  * All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
