versions
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned
Vulnerable Products
+------------------
Cisco Unity Connection Privilege Escalation Vulnerability
The following versions of Cisco Unity Connection are vulnerable:
+---------------------------------------+
| Version | Affected |
|----------------------+----------------|
| Prior to 7.1 | Yes |
Affected Products
=================
Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities. Affected versions of Cisco ASA Software
will vary depending on the specific vulnerability.
Vulnerable Products
+------------------
The Cisco CSM and Cisco CSM-S are affected by the vulnerability
described in this document if they are running an affected software
version and are configured for layer 7 load balancing.
The following versions of the Cisco CSM software are affected by this
vulnerability: 4.2(3), 4.2(3a), 4.2(4), 4.2(5), 4.2(6), 4.2(7), and
4.2(8).
Affected Products
=================
Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities. Affected versions of Cisco ASA Software
vary depending on the specific vulnerability.
Vulnerable Products
+------------------
Jetty 6.x and 7.x Multiple Vulnerabilities
Name              Multiple Vulnerabilities in Jetty
Systems Affected  Jetty 7.0.0 and earlier versions
Severity          Medium
Impact (CVSSv2)   Medium 5/10, vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vendor            http://www.mortbay.org/jetty/
Advisory          http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Authors           Francesco "ascii" Ongaro (ascii AT ush DOT it)
                  Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Internet Explorer (IE) is the most widely used Web browser, with an
estimated count of 1,100 million users according to a worldwide survey
conducted and published in 2008 [1]. This advisory describes a
vulnerability that provides access to the contents of any file stored in
the local filesystem of users' machines running vulnerable versions of IE.
Exploitation of the vulnerability relies solely on the ability for a
would-be attacker to provide malicious HTML content from a website and
to predict the full pathname for the file that will be used to cache it
locally on the victim's system. If the entire path name can be
Vulnerable Products
+------------------
The vulnerabilities described in this document apply to the Cisco VPN
Client on the Microsoft Windows platform. The affected versions are
included in the following table:
+----------------------------------------------------------------+
| Vulnerability Name | Versions | Cisco Bug ID |
| | affected | |
Summary
=======
A vulnerability in the Internet Group Management Protocol (IGMP)
version 3 implementation of Cisco IOS Software and Cisco IOS XE
Software allows a remote unauthenticated attacker to cause a reload
of an affected device. Repeated attempts to exploit this
vulnerability could result in a sustained denial of service (DoS)
condition. Cisco has released free software updates that address this
vulnerability.
+---------------------------------------------------------------------
Summary
=======
Versions of the Cisco Application Velocity System (AVS) prior to
software version AVS 5.1.0 do not prompt users to modify system account
passwords during the initial configuration process. Because there is no
requirement to change these credentials during the initial configuration
process, an attacker may be able to leverage the accounts that have
default credentials, some of which have root privileges, to take full
=======
A vulnerability exists in the Cisco Firewall Services Module (FWSM)
- a high-speed, integrated firewall module for Cisco Catalyst 6500
switches and Cisco 7600 Series routers, that may result in a reload
of the FWSM. The only affected FWSM System Software Version is
3.2(3).
There are no known instances of intentional exploitation of this
issue. However, Cisco has observed data streams that appear to be
unintentionally triggering this vulnerability.
A specially constructed packet will cause BIND 9 ("named") to exit,
affecting DNS service.
CVE: CVE-2011-2464
Document Version: 2.0
Posting date: 05 Jul 2011
Program Impacted: BIND
Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and
Computer Telephony Integration (CTI) Manager services are affected by
these vulnerabilities.
To address these vulnerabilities, Cisco has released free software
updates for select Cisco Unified Communications Manager versions.
There is a workaround for one of the vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml
could cause an interruption to voice services. The Session Initiation
Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are
affected by these vulnerabilities.
Cisco has released free software updates for select Cisco Unified
Communications Manager versions that address these vulnerabilities.
There are no workarounds for these vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
VMware ESX 3.0.3 without patch ESX303-200811401-BG
VMware ESX 3.0.2 without patch ESX-1006980
NOTE: General Support for Workstation version 5.x ended on
2009-03-19. Users should plan to upgrade to the latest
Workstation version 6.x release.
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
Users should plan to upgrade to ESX 3.0.3 and preferably to
Vulnerable Products
+------------------
The FWSM is affected by a crafted HTTPS request vulnerability if the
HTTPS server on the FWSM is enabled and is running software versions
3.1(5) and prior or 3.2(1). Version 2.3.x is not affected. The HTTPS
server is not enabled by default.
The FWSM is affected by a crafted MGCP packet vulnerability if MGCP
application layer protocol inspection is enabled and the device is
Vulnerable Products
+------------------
Cisco ASA 5500 Series Adaptive Security Appliances that are running
one of the following versions contain the affected ActiveX component:
+---------------------------------------------------------------+
|Affected Version |Affected Release|
|----------------------------------------------+----------------|
| Cisco Adaptive Security Appliance Software |7.1 |
IPv6 Denial of Service Vulnerability
+-----------------------------------
Cisco ASA and Cisco PIX security appliances that are running software
version 7.2(4)9 or 7.2(4)10 and configured for IPv6 may be vulnerable.
This vulnerability does not affect devices configured only for IPv4.
Note: IPv6 functionality is turned off by default.
IPv6 is enabled on the Cisco ASA and Cisco PIX security appliance
The Cisco WLC product family is affected by two DoS vulnerabilities:
* Internet Key Exchange (IKE) DoS Vulnerability
* HTTP DoS Vulnerability
The IKE DoS vulnerability affects Cisco WLC software versions 3.2 and
later. The HTTP DoS vulnerability affects Cisco WLC software versions
4.2 and later.
Privilege Escalation Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Summary
=======
Tandberg C Series Endpoints and E/EX Personal Video units that are
running software versions prior to TC4.0.0 ship with a root
administrator account that is enabled by default with no password. An
attacker could use this account in order to modify the application
configuration or operating system settings.
Resolving this default password issue does not require a software
Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability
Advisory ID: cisco-sa-20110720-asr9k
Revision 1.0
Summary
=======
Cisco IOS® Software with support for Network Time Protocol (NTP)
version (v4) contains a vulnerability processing specific NTP packets
that will result in a reload of the device. This results in a remote
denial of service (DoS) condition on the affected device.
Cisco has released free software updates that address this
vulnerability.
=================
Vulnerable Products
-------------------
All non-fixed 2.x, 3.x and 4.x versions of the FWSM software are
affected by this vulnerability.
To determine the version of the FWSM software that is running, issue
the "show module" command-line interface (CLI) command from Cisco IOS
Software or Cisco Catalyst Operating System Software to identify what
for Integrated Services Routers, and Cisco Catalyst 3750G Integrated
Wireless LAN Controllers are affected by one or more of the following
vulnerabilities:
* The malformed HTTP or HTTPS authentication response denial of
service vulnerability affects software versions 4.2 and later.
* The SSH connections denial of service vulnerability affects
software versions 4.1 and later.
* The crafted HTTP or HTTPS request denial of service vulnerability
affects software versions 4.1 and later.
* The crafted HTTP or HTTPS request unauthorized configuration
- The VMware Descheduled Time Accounting Service is not running
in the virtual machine
The VMware Descheduled Time Accounting Service is no longer provided
in newer versions of VMware Tools, starting with the versions
released in Fusion 2.0.2 and ESX 4.0.
However, virtual machines migrated from vulnerable releases will
still be vulnerable if the three conditions listed above are met,
until their tools are upgraded.
=================
Vulnerable Products
+------------------
The following products and software versions are affected for each
vulnerability.
Denial of Service Vulnerabilities
+--------------------------------
*Vendor Information, Solutions and Workarounds*
Vendor statement:
"The current version of the Android SDK is an early look release to the
open source community, provided so that developers can begin working
with the platform to inform and shape our development of Android toward
production readiness. The Open Handset Alliance welcomes input from the
security community throughout this process. There will be many changes
and updates to the platform before Android is ready for end users,
Vulnerable Products
+------------------
The Cisco PIX and ASA security appliances are affected by a crafted MGCP
packet vulnerability if MGCP application layer protocol inspection is
enabled and the device is running certain 7.x software versions. Version
6.3.x is not affected. MGCP inspection is not enabled by default. For
specific affected versions, refer to the "Software Versions and Fixes"
section.
The PIX and ASA security appliances are also affected by a crafted TLS
=================
Vulnerable Products
+------------------
These vulnerabilities were identified in CSM software version 4.2 and
CSM-S software version 2.1. The following table helps illustrate the
vulnerable software versions for these products:
+---------------------------------------+
| Vulnerability | CSM | CSM-S |