Next Page >>
customers
* Administrative level access via default user names and passwords
* Privilege escalation
* A denial of service (DoS) condition
Cisco has released free software updates available for affected
customers. Workarounds that mitigate some of the vulnerabilities are
available.
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
SIP implementation, and one vulnerability is in the MGCP
implementation.
The following vulnerabilities can cause affected devices to crash:
* CSCsl39126 (registered customers only), CVE ID CVE-2010-0601
* CSCsk32606 (registered customers only), CVE ID CVE-2010-0602
* CSCsk40030 (registered customers only), CVE ID CVE-2010-0603
* CSCsk38165 (registered customers only), CVE ID CVE-2010-0604
* CSCsk44115 (registered customers only), CVE ID CVE-2010-1561
* CSCsj98521 (registered customers only), CVE ID CVE-2010-1562
a malformed request to an affected device via TCP port 8082.
An attacker must perform a three-way TCP handshake and establish a
valid session to exploit this vulnerability.
* Cisco TelePresence endpoint - CSCtb31640 ( registered customers
only) has been assigned the CVE identifier CVE-2011-0372
CGI Command Injection
Multiple CGI command injection vulnerabilities exist in Cisco
An attacker must perform a three-way TCP handshake and establish a
valid session to exploit these vulnerabilities.
* Cisco TelePresence Recording Server - CSCtf42005 ( registered
customers only) has been assigned the CVE identifier
CVE-2011-0383.
CGI Command Injection
+--------------------
* Cisco Unified Communications Manager 6.x
* Cisco Unified Communications Manager 7.x
* Cisco Unified Communications Manager 8.x
Note: Cisco Unified Communications Manager version 5.1 reached end of
software maintenance on February 13, 2010. Customers who are using
Cisco Unified Communications Manager 5.x versions should contact
their Cisco support team for assistance in upgrading to a supported
version of Cisco Unified Communications Manager.
Products Confirmed Not Vulnerable
Default credentials are assigned for several predefined user accounts
on the device including the administrative user account. Any user
with network access to the device can log in as an administrator and
take complete control over the vulnerable device.
* CSCtb83495 ( registered customers only) has been assigned the CVE
identifier CVE-2010-0595.
Privilege escalation
+-------------------
80, 443, or 8080.
An attacker must perform a three-way TCP handshake and establish a
valid session to exploit these vulnerabilities.
* CTMS - CSCtf42008 ( registered customers only) has been assigned
the CVE identifier CVE-2011-0383.
* CTMS - CSCtf01253 ( registered customers only) has been assigned
the CVE identifier CVE-2011-0384.
Unauthenticated Arbitrary File Upload
* NTLMv1 Authentication Bypass Vulnerability
Because the Cisco PIX 500 Series Security Appliances reached End of
Software Maintenance Releases on July 28, 2009, no further software
releases will be available for the Cisco PIX 500 Series Security
Appliances. Cisco PIX 500 Series Security Appliances customers are
encouraged to migrate to Cisco ASA 5500 Series Adaptive Security
Appliances or to implement any applicable workarounds that are listed
in the "Workarounds" section of this advisory. Fixed software is
available for the Cisco ASA 5500 Series Adaptive Security Appliances.
For more information, refer to the End of Life announcement at:
A workaround exists for one of the two vulnerabilities disclosed in this
advisory.
Cisco has made free software available to address these vulnerabilities
for affected customers.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml.
Affected Products
|------------------------------------+--------------------------|
| 4.0.1 on Microsoft Windows | 4.0.1 |
+---------------------------------------------------------------+
Note: CiscoWorks LAN Management Solution versions prior to 3.2
reached end of software maintenance. Customers should contact
their Cisco support team for assistance in upgrading to a
supported version of CiscoWorks LAN Management Solution.
* Cisco Security Manager
For Public Release 2008 May 21 1600 UTC (GMT)
Summary
=======
A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP)
where an authenticated user can create, modify, or delete a superuser
account. Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
For Public Release 2008 May 21 1600 UTC (GMT)
Summary
=======
A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP)
where an authenticated user can create, modify, or delete a superuser
account. Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
For Public Release 2008 May 21 1600 UTC (GMT)
Summary
=======
A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP)
where an authenticated user can create, modify, or delete a superuser
account. Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
A service policy bypass vulnerability exists in the Cisco Content
Services Gateway - Second Generation (CSG2), which runs on the
Cisco Service and Application Module for IP (SAMI). Under certain
configurations this vulnerability could allow:
* Customers to access sites that would normally match a billing
policy to be accessed without being charged to the end customer
* Customers to access sites that would normally be denied based on
configured restriction policies
Additionally, Cisco IOS Software Release 12.4(24)MD1 on the Cisco
Summary
=======
Cisco Unified Contact Center Express (Cisco Unified CCX) server contains
both a directory traversal vulnerability and a script injection
vulnerability in the administration pages of the Customer Response
Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco
Unified IP IVR) products. Exploitation of these vulnerabilities could
result in a denial of service condition, information disclosure, or a
privilege escalation attack.
A device with the SSH server enabled is vulnerable.
These vulnerabilities are documented in Cisco Bug IDs:
* CSCsk42419 ( registered customers only)
* CSCsk60020 ( registered customers only)
* CSCsh51293 ( registered customers only)
Vulnerability Scoring Details
=============================
a denial of service (DoS) condition. The first vulnerability exists
when processing TCP packets, and the second vulnerability affects
devices with service termination enabled.
Cisco has made free software available to address these
vulnerabilities for affected customers.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml
Affected Products
=======
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and
configured for Multiprotocol Label Switching (MPLS) Virtual Private
Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and
using Border Gateway Protocol (BGP) between Customer Edge (CE) and
Provider Edge (PE) devices may permit information to propagate
between VPNs.
Workarounds are available to help mitigate this vulnerability.
- -------------------------------------------------------------------------------
Summary
=======
Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a
conversion utility to convert over to a Cisco Wireless Control System (WCS).
This conversion utility creates and uses administrative accounts with default
credentials. Because there is no requirement to change these credentials during
the conversion process, an attacker may be able to leverage the accounts that
have default credentials to take full administrative control of the WCS after
* Cisco Unified Communications Manager 6.x
* Cisco Unified Communications Manager 7.x
* Cisco Unified Communications Manager 8.x
Note: Cisco Unified Communications Manager version 6.1 reached the
End of Software Maintenance on September 3, 2011. Customers using
Cisco Unified Communications Manager 6.x versions, should contact
their Cisco support team for assistance in upgrading to a supported
version of Cisco Unified Communications Manager.
Products Confirmed Not Vulnerable
example.
FWSM#show version
FWSM Firewall Version 3.2(3)
Customers who use the Cisco Adaptive Security Device Manager (ASDM) to
manage their devices can find the version of the software displayed in
the table in the login window or in the upper left corner of the ASDM
window. The version notation is similar to the following example.
FWSM Version: 3.2(3)
use one of the following methods:
* In the web interface, choose the Monitor tab, click Summary in
the left pane, and note the Software Version field.
Note: Customers who use a WLC Module in an Integrated Services
Router (ISR) will need to issue the service-module
wlan-controller 1/0 session command prior to performing the next
step on the command line. Customers who use a Cisco Catalyst
3750G Switch with an integrated WLC Module will need to issue the
session <Stack-Member-Number> processor 1 session command prior
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
vulnerability.
Details
=======
The Cisco GSS platform allows customers to leverage global content
deployment across multiple distributed and mirrored data locations,
optimizing site selection, improving Domain Name System (DNS)
responsiveness, and ensuring data center availability.
The GSS is inserted into the traditional DNS hierarchy and is closely
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
[...]
Customers who use the Cisco Adaptive Security Device Manager (ASDM) to
manage their devices can find the version of the software displayed in
the table in the login window or in the upper left corner of the ASDM
window.
Products Confirmed Not Vulnerable
Cisco Adaptive Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(1)
[...]
Customers who use the Cisco Adaptive Security Device Manager (ASDM)
to manage their devices can find their software version displayed in
a table in the login window or in the upper left corner of the ASDM
window.
Erroneous SIP Processing Vulnerabilities
The IP router alert option may or may not be present in packets
attempting to exploit the vulnerability described in this document.
This vulnerability is documented in Cisco bug ID CSCte14603 (
registered customers only) . This vulnerability has been assigned
Common Vulnerabilities and Exposures (CVE) ID CVE-2010-2830.
Vulnerability Scoring Details
=============================
process to fail, which could result in the disruption of voice
services. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060
and 5061) are affected.
The first SIP DoS vulnerability is documented in Cisco Bug ID
CSCta31358 ( registered customers only) and has been assigned the CVE
identifier CVE-2010-2835. This vulnerability is fixed in Cisco
Unified Communications Manager versions 6.1(5), 7.0(2a)su3, 7.1(3b)
su2, 7.1(5) and 8.0(1). The corresponding IOS defect is CSCta20040.
The second SIP DoS vulnerability is documented in Cisco Bug ID
SCCP Inspection Denial of Service Vulnerability.
Because Cisco PIX 500 Series Security Appliances reached the end
of software maintenance releases milestone on July 28, 2009,
no further software releases will be available. Cisco PIX 500
Series Security Appliance customers are encouraged to migrate
to Cisco ASA 5500 Series Adaptive Security Appliances or to
implement any applicable workarounds that are listed in the
Workarounds section of this advisory. Fixed software is available
for Cisco ASA 5500 Series Adaptive Security Appliances only.
For more information, refer to the End of Life announcement at
device on TCP port 8080 or 8443.
An attacker must perform a three-way TCP handshake and establish a
valid session to exploit this vulnerability.
* Cisco TelePresence Manager: CSCtc59562 ( registered customers
only) has been assigned the Common Vulnerabilities and Exposures
(CVE) identifier CVE-2011-0380.
Java RMI Command Injection
+-------------------------
Next Page>>
|
