Local Network
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Advisory ID: cisco-sa-20120229-wlc
Revision 1.0
For Public Release 2012 February 29 16:00 UTC (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless
LAN Controllers
Advisory ID: cisco-sa-20090204-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: CiscoWorks LAN Management Solution Remote
Code Execution Vulnerabilities
Advisory ID: cisco-sa-20110914-lms
Revision 1.0
The following CiscoWorks products with the default Common Services
installed are affected by this vulnerability, due to their underlying
Common Services version:
* CiscoWorks LAN Management Solution
+---------------------------------------------------------------+
| LAN Management Solution Versions | Common Services Versions |
|------------------------------------+--------------------------|
| Prior to 3.2 on Microsoft Windows | Various |
| Cisco Unified Service Monitor | 2.0.1 | 3.0.5 |
|-------------------------------+------------------+----------------|
| CiscoWorks QoS Policy Manager | 4.0, 4.0.1, and | 3.0.5 |
| | 4.0.2 | |
|-------------------------------+------------------+----------------|
| CiscoWorks LAN Management | 2.6 Update | 3.0.5 |
| Solution | | |
|-------------------------------+------------------+----------------|
| CiscoWorks LAN Management | 3.0 | 3.1 |
| Solution | | |
|-------------------------------+------------------+----------------|
Description:
Huawei D100 is a device offered by the Polish telecom operator - Play, to provide broadband Internet in CDMA technology and it's already widely in use.
Overview:
Huawei D100 firmware and its default configuration have flaws, which allow LAN users to gain unauthorized full access to the device.
#1 No HTTPS support for the web interface
Communication to the web interface can be sniffed by the attacker.
#2 System doesn't force administrator to change default password upon first login
saxdax & drpepperONE
Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface
with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactured
by Pirelli based on Broadcom platform.
#############################################################################################
saxdax & drpepperONE
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Advisory ID: cisco-sa-20090727-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
#4 Brute-force attack on admin account
Login attempts are not limited at all.
#5 Denial of Service
It's trivial to conduct a successful SYN flood attack from WAN and LAN.
#6 Wi-Fi encryption is disabled by default
Communication in the LAN can be sniffed by the attacker.
#7 SSID broadcast is enabled by default
Anyone can connect to the LAN without any problems.
Title:
======
LAN Messenger v1.2.28 - Denial of Service Vulnerability
Date:
=====
2012-05-01
we've grown steadily throughout the years with Branch Offices in 20 countries
around the world."
"AMG-2000 is an AP Management Gateway dedicatedly designed for small to
medium-sized network deployment and management, making it an ideal solution
for easily creating and extending WLANs in SMB offices. With its user
management features, administrators will be able to manage the whole process
of wireless network access. In addition, Access Point (AP) management
functions allow administrators to discover, configure, update, and monitor all
managed APs from a single secured interface, and from there, gain full control
of entire wireless network."
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of
Service Vulnerability
Document ID: 112916
Advisory ID: cisco-sa-20110427-wlc
| CiscoWorks QoS | 4.0, | |
| Policy Manager | 4.0.1, | 3.0.5 |
| (QPM) | and | |
| | 4.0.2 | |
|-----------------+----------+----------|
| CiscoWorks LAN | 2.5, | |
| Management | 2.5.1, | 3.0.3 |
| Solution (LMS) | 2.6 | |
|-----------------+----------+----------|
| CiscoWorks LAN | 2.6 | |
| Management | Update | 3.0.5 |
> exactly*will* you do about it?
This seems rather obvious, but....
1. Ensure none of the affected SCADA systems are present on my work's
network (BTW none are present on my home LAN).
2. Ensure that these systems, if they exist, are not accessible from
either the Internet or even the local network where most of the users are.
(BTW those first two are a given as far as security 101 is concerned,
the rest seem like common sense)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless
LAN Controllers
Advisory ID: cisco-sa-20100908-wlc
Revision 1.0
Hi.
I see where you're going but I think you're missing the point a little. By
*default* the web interface is enabled on the LAN and accessible by anyone
on that LAN and the "remote management" interface (for the Internet) is
turned off. If the "remote management" interface was enabled, stopping ICMP
echo responses would not resolve this issue at all, turning the interface
off would do though (or restricting by IP, ...ack). The "remote management"
(love those quotes...) interface speaks over HTTP hence TCP so no amount of
dropping ICMP goodness will help with this. Anyhow, I am happy to discuss
Introduction:
=============
FlashFXP is an FTP (File Transfer Protocol) client for Windows, it offers you easy and fast ways to transfer any file between other local
computers (LAN - Local Area Network) running a FTP server or via the Internet (WAN - Wide Area Network) and even directly between two
servers using Site to Site transfers (FXP - File eXchange Protocol). Use FlashFXP to publish and maintain your website, Upload and download
documents, photos, videos, music and more! Share your files with your friends and co-workers using the powerful site manager. There are many
features and advanced options available within FlashFXP which are being added with the release of each new version stable or beta*. The software
is available in over 20 languages and under active development. FlashFXP offers high security, performance, and reliability that you can always
depend on to get your job done swiftly and efficiently.
--Tuesday, June 16, 2009, 2:11:27 AM, you wrote to m.elyazghi@gmail.com:
TN> Hi.
TN> I see where you're going but I think you're missing the point a little. By
TN> *default* the web interface is enabled on the LAN and accessible by anyone
TN> on that LAN and the "remote management" interface (for the Internet) is
TN> turned off. If the "remote management" interface was enabled, stopping ICMP
TN> echo responses would not resolve this issue at all, turning the interface
TN> off would do though (or restricting by IP, ...ack). The "remote management"
TN> (love those quotes...) interface speaks over HTTP hence TCP so no amount of
releases prior to 4.2.x are affected. Cisco NX-OS Software for
Cisco Nexus 7000 Series Switches versions 4.2.x and later are not
affected.
* Cisco TelePresence Video Communication Server (Cisco TelePresence
VCS)
* Cisco Video Surveillance Manager (VSM)
* Cisco Video Surveillance Operations Manager (VSOM)
* Cisco Wireless Control System (WCS)
Products Confirmed Not Vulnerable
The S1 and S2 servers which run in internet (so visible on the master
server) or hidden mode are vulnerable to a crash attack caused by the
access to a NULL pointer.
The problem is exploitable through a packet containing a byte 0x00 at
the data offset 23 of the pre-login packet with ID 3.
demo and LAN servers are not vulnerable.
---------------------------------------------------------
D] memcpy() NULL pointer in internet/hidden S1/S2 servers
---------------------------------------------------------
There are no workarounds available to mitigate these vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml
Note: CiscoWorks LAN Management Solution is also affected by these
vulnerabilities. A separate advisory for CiscoWorks LAN Management
Solution is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110914-lms.shtml
Affected Products
- -------------------------------------------------------------------------------
Summary
=======
Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a
conversion utility to convert over to a Cisco Wireless Control System (WCS).
This conversion utility creates and uses administrative accounts with default
credentials. Because there is no requirement to change these credentials during
the conversion process, an attacker may be able to leverage the accounts that
have default credentials to take full administrative control of the WCS after
Hello,
Huawei HG510 is a device offered by the Serbian telecom operator, to provide ADSL Internet connection.
Administration of settings on this device is allowed only from the local LAN, but not only from the
private IP address (e.g. 192.168.1.1): you can also access it with the public IP address (only from the local LAN again).
There is no CSRF protection so we can create malicious web pages and create some CSRF attacks.
If the user is logged on to his device we can change passwords or some other settings.
REFERENCES
=======================
Preth00nker's exploit (LAN) - http://www.milw0rm.com/exploits/2246
2Wire Gateways CRLF DoS (from local network) -
http://secunia.com/advisories/21583
Hakim.Ws - http://www.hakim.ws
WebVuln - http://www.webvuln.com
Thor, the "Online Proof of Concept" section of the blog post points you to a *remote*
exploit (without any warning) but let me repeat the link here:
http://www.binaryplanting.com/demo/XP_2-click/test.html
Visit this with IE8 on 32-bit Windows XP.
Please find further information here:
2) Severity
Rating: Moderately critical
Impact: Denial of Service
System Compromise
Where: Local Network
======================================================================
3) Vendor's Description of Software
"Novell GroupWise 8 gives you a wide range of collaborative tools to
Vulnerability
* Cisco SRP 500 Series Directory Traversal Vulnerability
These vulnerabilities can be exploited using sessions to the Services
Ready Platform Configuration Utility web interface. These
vulnerabilities could be exploited from the local LAN side of the SRP
device by default configuration and the WAN side of the SRP device if
remote management is enabled. Remote management is disabled by
default.
Cisco has released free software updates that address these
> On 1/4/2012 12:43 AM, Jann Horn wrote:
> Could this also be used in order to get access to a LAN from the outside,
> e.g. in order to manipulate ARP tables and thereby gain access to all
> unencrypted network traffic? Or is that usually impossible because of how
> the set-top box is connected?
>
We haven't verified whether local LAN could be sniffed or ARP tables of other
impact any Cisco product that uses any version of TLS and SSL. The
vulnerability exists in how the protocol handles session renegotiation
and exposes users to a potential man-in-the-middle attack.
The following Cisco Bug IDs are being used to track potential exposure
to the SSL and TLS issues. The bugs listed below do not confirm
that a product is vulnerable, but rather that the product is under
investigation by the appropriate product teams.
Registered Cisco customers can view these bugs via Cisco's Bug Toolkit:
http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl