Affected Products
=================
Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities. Affected versions of Cisco ASA Software
vary depending on the specific vulnerability.
Vulnerable Products
+------------------
Vulnerable Products
+------------------
The Cisco FWSM for the Cisco Catalyst 6500 Series switches and Cisco
7600 Series routers is affected by multiple vulnerabilities. Affected
versions of Cisco FWSM Software vary depending on the specific
vulnerability. Refer to the "Software Version and Fixes" section for
specific information on vulnerable versions.
Syslog Message Memory Corruption Denial of Service Vulnerability
+---------------------------------------------------------------
=================
Vulnerable Products
+------------------
The following Cisco UCCX versions are vulnerable:
* Cisco UCCX version 6.0(x)
* Cisco UCCX version 7.0(x)
* Cisco UCCX version 8.0(x)
* Cisco UCCX version 8.5(x)
Vulnerable Products
+------------------
Cisco Unity Connection Privilege Escalation Vulnerability
The following versions of Cisco Unity Connection are vulnerable:
+---------------------------------------+
| Version | Affected |
|----------------------+----------------|
| Prior to 7.1 | Yes |
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02078800
Version: 1
HPSBMA02491 SSRT100060 rev.1 - HP Operations Manager for Windows, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
=================
Vulnerable Products
-------------------
All non-fixed 2.x, 3.x and 4.x versions of the FWSM software are
affected by this vulnerability.
To determine the version of the FWSM software that is running, issue
the "show module" command-line interface (CLI) command from Cisco IOS
Software or Cisco Catalyst Operating System Software to identify what
- The VMware Descheduled Time Accounting Service is not running
in the virtual machine
The VMware Descheduled Time Accounting Service is no longer provided
in newer versions of VMware Tools, starting with the versions
released in Fusion 2.0.2 and ESX 4.0.
However, virtual machines migrated from vulnerable releases will
still be vulnerable if the three conditions listed above are met,
until their tools are upgraded.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01508161
Version: 1
HPSBMA02363 SSRT080106 rev.1 - HP Enterprise Discovery Running on Windows, Remote Authorized User, Gain Extended Privileges
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
The IOS secure shell server is disabled by default. To determine if
SSH is enabled, use the show ip ssh command.
Router#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
The previous output shows that SSH is enabled on this device and that
the SSH protocol major version that is being supported is 2.0. If the
text "SSH Disabled" is displayed, the device is not vulnerable.
* 7940
* 7940G
* 7960
* 7960G
The version of firmware running on an IP Phone can be determined via
the Settings menu on the phone or via the phone HTTP interface.
Products Confirmed Not Vulnerable
+--------------------------------
+---------------------------------------------------------------------
Summary
=======
Versions of the Cisco Application Velocity System (AVS) prior to
software version AVS 5.1.0 do not prompt users to modify system account
passwords during the initial configuration process. Because there is no
requirement to change these credentials during the initial configuration
process, an attacker may be able to leverage the accounts that have
default credentials, some of which have root privileges, to take full
Vulnerable Products
+------------------
The vulnerabilities described in this document apply to the Cisco VPN
Client on the Microsoft Windows platform. The affected versions are
included in the following table:
+----------------------------------------------------------------+
| Vulnerability Name | Versions | Cisco Bug ID |
| | affected | |
Notes:
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
"End of Product Availability FAQs" at
http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
details.
=================
Vulnerable Products
+------------------
All non-fixed 4.x versions of Cisco FWSM Software are affected by this
vulnerability if SCCP inspection is enabled. SCCP inspection is enabled
by default.
To check if SCCP inspection is enabled, issue the "show service-policy
| include skinny" command and confirm that the command returns output.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01767394
Version: 1
HPSBMA02438 SSRT090092 rev.1 - HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Vulnerable Products
+------------------
The Cisco CSM and Cisco CSM-S are affected by the vulnerability
described in this document if they are running an affected software
version and are configured for layer 7 load balancing.
The following versions of the Cisco CSM software are affected by this
vulnerability: 4.2(3), 4.2(3a), 4.2(4), 4.2(5), 4.2(6), 4.2(7), and
4.2(8).
Vulnerable Products
+------------------
The FWSM is affected by a crafted HTTPS request vulnerability if the
HTTPS server on the FWSM is enabled and is running software versions
3.1(5) and prior or 3.2(1). Version 2.3.x is not affected. The HTTPS
server is not enabled by default.
The FWSM is affected by a crafted MGCP packet vulnerability if MGCP
application layer protocol inspection is enabled and the device is
Vulnerable Products
+------------------
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series Switches and Cisco 7600 Series Routers is affected by multiple
vulnerabilities. Affected versions of Cisco FWSM Software vary
depending on the specific vulnerability.
SunRPC Inspection Denial of Service Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerable Products
+------------------
The Cisco ACE Application Control Engine Module and Cisco ACE 4710
Application Control Engine are affected by multiple vulnerabilities.
Affected versions vary depending on the specific vulnerability. For
specific version information, refer to the Software Versions and
Fixes section of this advisory.
RTSP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerable Products
+------------------
Cisco TelePresence Recording Server devices that are running an
affected version of software are affected.
To determine the current version of software that is running on the
Cisco TelePresence Recording Server, SSH into the device and issue the
show version active and the show version inactive commands. The
output should resemble the following example:
=================
Vulnerable Products
+------------------
Versions 3.1.x, 3.2.x, 4.0.x, and 4.1.x of Cisco FWSM software are
affected by this vulnerability if SCCP inspection is enabled. SCCP
inspection is enabled by default.
To determine whether SCCP inspection is enabled, issue the "show
service-policy | include skinny" command and confirm that the command
Vulnerable Products
+------------------
Cisco TelePresence Multipoint Switch devices running an affected
version of software are affected.
To determine the current version of software running on the Cisco
TelePresence Multipoint Switch, SSH into the device and issue the
show version active and the show version inactive commands. The
output should resemble the following example:
Vulnerable Products
+------------------
Cisco TelePresence Manager devices that are running an affected
version of software are affected.
To determine the current version of software that is running on the
Cisco TelePresence Manager, establish an SSH connection to the device
and issue the show version active and the show version inactive
commands. The output should resemble the following example:
=================
Vulnerable Products
+------------------
The following versions of Cisco Unified Presence and Jabber
Extensible Communications Platform (Jabber XCP) are affected by the
vulnerability in this advisory. JabberNow appliances are also
affected if they are running a vulnerable version of Jabber XCP
software.
VMware ESX 3.0.3 without patch ESX303-200904403-SG,
VMware ESX 3.0.2 without patch ESX-1008421.
NOTE: General Support for Workstation version 5.x ended on 2009-03-19.
Users should plan to upgrade to the latest Workstation version
6.x release.
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
Users should plan to upgrade to ESX 3.0.3 and preferably to the
ESX-1005117.
NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x,
and VMware ACE 1.x will reach end of general support
2008-11-09. Customers should plan to upgrade to the latest
version of their respective products.
Extended support (Security and Bug fixes) for ESX 3.0.2 ends
on 10/29/2008 and Extended support for ESX 3.0.2 Update 1
ends on 8/8/2009. Users should plan to upgrade to ESX 3.0.3
and preferably to the newest release available.
trivially overwritten.
4. *Vulnerable packages*
. Contact Cisco for a list of vulnerable versions.
5. *Non-vulnerable packages*
. Contact Cisco.