<< Previous Next >>
providing
In particular this attack vector exposes workstations to:
- - Direct remote execution of arbitrary commands without user interaction.
- - Direct exploitation of IE bugs without user interaction. For example,
exploitation bugs that normally require the user to click on a URL
provided by the attacker can be exploited directly using this attack
vector.
- - Direct injection of scripting code in Internet Explorer. For example,
remotely injecting JavaScript code into the embedded IE control of the
AIM client.
- - Remote instantiation of Active X controls in the corresponding security
To determine the software version running on a Cisco Content Delivery
Engine, log in to the device and issue the "show version" command line
interface (CLI) command to display the system banner. Cisco CDS Internet
Streamer software will identify itself as "Content Delivery System
Software Release". On the same line of output, the version number will
be provided. This example identifies a Cisco Content Delivery Engine
that is running Cisco Content Delivery System software release 2.5.3:
cdn-cde#show version
Content Delivery System Software (CDS)
Copyright ) 1999-2010 by Cisco Systems, Inc.
Vendor estimated date for a code fix is Q3 2010.
Remediation Steps:
The following recommendations were provided by the vendor.
1. Hide NFS exports and show it only based on the configured access. Setting
forceFullShowmount param to 0 (default is 1) will hide the "/" from the list
since only Control Station have access to it for administration purpose:
Credit: Zack Fasel and Matthew Jakubowski of Trustwave's SpiderLabs
Finding 1: Static Credentials
CVE: CVE-2011-0885
All SMCD3G-CCR gateways provided by Comcast have an administrative
login of "mso" with the password of "D0nt4g3tme". These passwords
are not provided as a part of the installation of the device and are
not recommended to be changed, thus the majority of users are unaware
of the default configuration.
To determine the software version that is running on a Cisco Content
Delivery Engine, log in to the device and issue the show version
command-line interface (CLI) command to display the system banner.
Cisco CDS Internet Streamer software will identify itself as "Content
Delivery System Software Release". On the same line of output, the
version number will also be provided. This example identifies a Cisco
Content Delivery Engine that is running Cisco Content Delivery System
software release 2.5.9 build 5:
cdn-cde#show version
Content Delivery System Software (CDS)
CVE-2011-1623.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
vulnerability
These vulnerabilities are independent; a release that is affected by
one vulnerability may not necessarily be affected by the others.
Workarounds for some of the vulnerabilities are provided in this
advisory.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml.
been assigned CVE identifier CVE-2011-2585.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
The vulnerability is documented in Cisco IronPort bug 83262.
Note: Cisco IronPort tracks bugs using an internal system that is not
available to customers. The Cisco IronPort bug tracking identifiers
are provided for reference only.
Vulnerability Scoring Details
=============================
Cisco has scored the vulnerability in this advisory based on the
-- Arbitrary File Download #1:
An unauthenticated attacker is able to download files within the DOCUMENT_ROOT
(not forbidden by Apache configuration, e.g. tar, yml etc.).
PoC: https://192.168.1.1/pagedata.yml
CVSS: 4.7 (provided by vendor)
-- Arbitrary File Download #2:
An unauthenticated attacker is able to download files that are
readable by the Apache
assigned CVE ID CVE-2010-1571.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory based on the
Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security
Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity
and helps determine urgency and priority of response.
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
In addition to addressing newline issues, Cisco CSS devices should
provide better tools and documentation on securing certificate headers.
VSR recommends one or both of the following approaches be adopted:
* The CSS and ACE should strip any client certificate headers provided
by clients prior to adding new ones. Note that this approach cannot
be guaranteed to work if CR/LF ambiguities are not first corrected.
Note: Cisco has added a new command to the CSS firmware, currently
only available by TAC to address this issue via the following command:
* CSCsk13561 (registered customers only), CVE ID CVE-2010-1565
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this security advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
and Exposures (CVE) ID CVE-2009-2052.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
CVE-2010-0572.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerability in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
scheduled publication date but reminds that the date can be coordinated
with the vendor.
. 2009-10-08:
MSRC says that it is looking at the issue with priority, confirmed the
findings using the provided proof-of-concept tool but it is still
assessing the risks and will be back in touch in the next few days.
. 2009-10-28:
MSRC asks if Core Security Technologies has been able to exploit the
issue to achieve either a denial of service attack on either the guest
* CVE-2009-2880
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
identifier CVE-2010-0600.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this security advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
CVE-2010-0573.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2864.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
CVE-2010-0148.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
and has been assigned CVE ID CVE-2010-0142.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
Exposures (CVE) ID CVE-2010-0589.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
<<Previous Next>>
|
