devices

Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

Summary
=======

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances that may result
in a reload of the device or disclosure of confidential information.
This security advisory outlines details of the following
vulnerabilities:

  * Erroneous SIP Processing Vulnerabilities
  * IPSec Client Authentication Processing Vulnerability

Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability

Summary
=======

Cisco IOS Software contains a vulnerability in multiple features
that could allow an attacker to cause a denial of service (DoS)
condition on the affected device. A sequence of specially crafted TCP
packets can cause the vulnerable device to reload.

Cisco has released free software updates that address this
vulnerability.


Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

The first four vulnerabilities may lead to a denial of service (DoS)
condition and the fifth vulnerability may allow an attacker to bypass
control-plane access control lists (ACL).

Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

=======

Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS Software and Cisco IOS XE Software
that could allow an unauthenticated, remote attacker to cause a
reload of an affected device or trigger memory leaks that may result
in system instabilities. Affected devices would need to be configured
to process SIP messages for these vulnerabilities to be exploitable.

Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for devices that must run

Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

Several features enable the L2TP mgmt daemon process within Cisco IOS
software, including but not limited to Layer 2 virtual private
networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack
Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up
Networks (VPDN). Once this process is enabled the device is
vulnerable.

This vulnerability will result in a reload of the device when
processing a specially crafted L2TP packet.


Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability

Cisco IOS Software Release 15.1(2)T is affected by a denial of
service (DoS) vulnerability during the TCP establishment phase. The
vulnerability could cause embryonic TCP connections to remain in a
SYNRCVD or SYNSENT state. Enough embryonic TCP connections in these
states could consume system resources and prevent an affected device
from accepting or initiating new TCP connections, including any
TCP-based remote management access to the device.

No authentication is required to exploit this vulnerability. An attacker
does not need to complete a three-way handshake to trigger this

Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability

Summary
=======

Cisco IOS® Software with support for Network Time Protocol (NTP)
version (v4) contains a vulnerability processing specific NTP packets
that will result in a reload of the device. This results in a remote
denial of service (DoS) condition on the affected device.

Cisco has released free software updates that address this
vulnerability.


Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities

Summary
=======

Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS that can be exploited remotely to
trigger a memory leak or to cause a reload of the IOS device.

Cisco has released free software updates that address these
vulnerabilities. Fixed Cisco IOS software listed in the Software
Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.

Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities

=================

Vulnerable Products
+------------------

Cisco IOS devices running vulnerable versions of Cisco IOS Software
are affected by two vulnerabilities in Cisco IOS IPS and Cisco IOS
Zone-Based Firewall. The two vulnerabilities are independent of each
other. Details to confirm affected configurations are provided below.

  * Memory leak in Cisco IOS Software

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

=======

A vulnerability exists in the Session Initiation Protocol (SIP)
implementation in Cisco IOS® Software that could allow an
unauthenticated attacker to cause a denial of service (DoS) condition
on an affected device when the Cisco Unified Border Element feature
is enabled.

Cisco has released free software updates that address this
vulnerability. For devices that must run SIP there are no
workarounds; however, mitigations are available to limit exposure of

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

=======

Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS Software that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled. Remote code execution may also
be possible.

Cisco has released free software updates that address these
vulnerabilities. For devices that must run SIP there are no
workarounds; however, mitigations are available to limit exposure of

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

=======

Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS® Software that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled.

Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for devices that must run
SIP; however, mitigations are available to limit exposure to the
vulnerabilities.

Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error

Advisory ID: cisco-sa-20111109-telepresence-c-ex-series

Revision 1.0

For Public Release 2011 November 9 16:00 UTC (GMT)

Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities

WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely
exploited without authentication to cause a denial of service
condition. Both vulnerabilities affect both Cisco IOS WebVPN and
Cisco IOS SSLVPN features:

 1. Crafted HTTPS packet will crash device.
 2. SSLVPN sessions cause a memory leak in the device.

Cisco has released free software updates that address these
vulnerabilities.


Cisco Security Advisory: Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability

Advisory ID: cisco-sa-20080924-ipc

http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml


Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server

affects Cisco TelePresence endpoints, Manager, Multipoint Switch, and
Recording Server. The defect that is related to each component is
covered in each associated advisory. The Cisco Bug IDs for these
defects are as follows:

  * Cisco TelePresence endpoint devices - CSCtd75754
  * Cisco TelePresence Manager - CSCtd75761
  * Cisco TelePresence Multipoint Switch - CSCtd75766
  * Cisco TelePresence Recording Server - CSCtd75769

The Java RMI Denial of Service vulnerability affects the Cisco

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch

  * Cisco TelePresence Multipoint Switch - CSCth61065
  * Cisco TelePresence Recording Server - CSCth85786

The Cisco Discovery Protocol Remote Code Execution vulnerability
affects Cisco TelePresence endpoint devices, Manager, Multipoint
Switch, and Recording Server. The defect as related to each component
is covered in each associated advisory. The Cisco bug IDs for these
defects are as follows:

  * Cisco TelePresence endpoint devices - CSCtd75754

Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability

Summary
=======

The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a
denial of service (DoS) vulnerability. The vulnerability is triggered
when malformed UDP packets are sent to a vulnerable device. The
vulnerable UDP port numbers depend on the device configuration.
Default ports are not used for the vulnerable UDP IP SLA operation or
for the UDP responder ports.

Cisco has released free software updates that address this

Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities

Multiple Cisco products contain either of two authentication
vulnerabilities in the Simple Network Management Protocol version 3
(SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could
allow the disclosure of network information or may enable an attacker
to perform configuration changes to vulnerable devices. The SNMP
server is an optional service that is disabled by default in Cisco
products. Only SNMPv3 is impacted by these vulnerabilities.
Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.


Cisco Security Advisory: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS

Any version of Cisco IOS prior to the versions which are listed in
the Software Versions and Fixes section below is vulnerable.

To determine the version of Cisco IOS software running on a Cisco
product, log in to the device and issue the show version command to
display the system banner. Cisco IOS Software will identify itself as
"Internetwork Operating System Software" or simply "IOS". On the next
line of output, the image name will be displayed between parentheses,
followed by "Version" and the IOS release name. Other Cisco devices
will not have the "show version" command or will give different 

Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability

supported tunneling protocols used to tunnel PPP frames within the
VPDN solution.

The first vulnerability is a memory leak that occurs as a result of
PPTP session termination. The second vulnerability may consume all
interface descriptor blocks on the affected device because those
devices will not reuse virtual access interfaces. If these
vulnerabilities are repeatedly exploited, the memory and/or interface
resources of the attacked device may be depleted.

Cisco has made free software available to address these vulnerabilities

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices

Advisory ID: cisco-sa-20110223-telepresence-cts

Revision 1.0


Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability

Summary
=======

Cisco IOS Software contains a memory leak vulnerability in the
Data-Link Switching (DLSw) feature that could result in a device
reload when processing crafted IP Protocol 91 packets.

Cisco has released free software updates that address this
vulnerability.


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

specific information on vulnerable versions.

Syslog Message Memory Corruption Denial of Service Vulnerability
+---------------------------------------------------------------

Devices running vulnerable versions of Cisco FWSM Software are
affected by this vulnerability if the following conditions are
satisfied:

  * The device has interfaces with IPv6 addresses
  * System logging is enabled (command logging enable)

Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service

=======

The Secure Shell server (SSH) implementation in Cisco IOS contains
multiple vulnerabilities that allow unauthenticated users the ability
to generate a spurious memory access error or, in certain cases,
reload the device.

The IOS SSH server is an optional service that is disabled by
default, but its use is highly recommended as a security best
practice for management of Cisco IOS devices. SSH can be configured
as part of the AutoSecure feature in the initial configuration of IOS

Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability

=======

The server side of the Secure Copy (SCP) implementation in Cisco IOS
software contains a vulnerability that could allow authenticated
users with an attached command-line interface (CLI) view to transfer
files to and from a Cisco IOS device that is configured to be an SCP
server, regardless of what users are authorized to do, per the CLI
view configuration. This vulnerability could allow valid users to
retrieve or write to any file on the device's file system, including
the device's saved configuration and Cisco IOS image files, even if
the CLI view attached to the user does not allow it. This

Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities

  * Cisco SRP 500 Series Directory Traversal Vulnerability

These vulnerabilities can be exploited using sessions to the Services
Ready Platform Configuration Utility web interface. These
vulnerabilities could be exploited from the local LAN side of the SRP
device by default configuration and the WAN side of the SRP device if
remote management is enabled.  Remote management is disabled by
default.

Cisco has released free software updates that address these
vulnerabilities.

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

Cisco has released free software updates available for affected
customers. Workarounds that mitigate some of the vulnerabilities are
available.

Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml


Cisco Security Advisory: Cisco uBR10012 Series Devices SNMP Vulnerability

Advisory ID: cisco-sa-20080924-ubr

http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml


Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers

For Public Release 2008 March 26 1600 UTC (GMT)

Summary
=======

A device running Cisco IOS software that has Internet Protocol
version 6 (IPv6) enabled may be subject to a denial of service (DoS)
attack. For the device to be affected by this vulnerability the
device also has to have certain Internet Protocol version 4 (IPv4)
User Datagram Protocol (UDP) services enabled. To exploit this
vulnerability an offending IPv6 packet must be targeted to the
