free software
However, because Cisco Show and Share relies on Cisco Digital Media
Manager for authentication services, attackers who compromise the
Cisco Digital Media Manager may gain full access to Cisco Show and
Share.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at:
CiscoWorks Common Services for Microsoft Windows contains a
vulnerability that could allow an authenticated, remote attacker to
execute arbitrary commands on the affected system with the privileges
of a system administrator.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at:
CiscoWorks Common Services contains a vulnerability that could allow an
unauthenticated remote attacker to access application and host operating
system files.
Cisco has released free software updates that address this
vulnerability. A workaround that mitigates this vulnerability is
available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml.
CiscoWorks Common Services for both Oracle Solaris and Microsoft
Windows contains a vulnerability that could allow a remote
unauthenticated attacker to execute arbitrary code on a host device
with privileges of a system administrator.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
Mitigations that limit the attack surface of this vulnerability are
available.
Unified IP Interactive Voice Response (Unified IP-IVR) contain a
directory traversal vulnerability that may allow a remote,
unauthenticated attacker to retrieve arbitrary files from the
filesystem.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at:
Exploitation of the Cisco Unity Connection Denial of Service
Vulnerability may allow an unauthenticated, remote attacker to cause
system services to terminate unexpectedly, which may result in a
denial of service condition.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds that mitigate these
vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cuc
* Denial of Service Vulnerabilities (total of three)
* Privilege Escalation Vulnerability
These vulnerabilities are independent of each other.
Cisco has released free software updates that address these
vulnerabilities.
There are no workarounds available for these vulnerabilities.
This advisory is posted at
=======
A series of TCP packets may cause a denial of service (DoS) condition
on Cisco IOS devices that are configured as Easy VPN servers with the
Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco
has released free software updates that address this vulnerability.
No workarounds are available; however, the IPSec NAT traversal
(NAT-T) feature can be used as an alternative.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml
* Two access control list (ACL) bypass vulnerabilities
Note: These vulnerabilities are independent of one another. A device
may be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
vulnerabilities.
There are no workarounds to mitigate these vulnerabilities.
This advisory is posted at:
Manager is integrated with an external directory service, it may be
possible for an attacker to leverage the privilege escalation
vulnerability to gain access to additional systems configured to use
the directory service for authentication.
Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.
This advisory is posted at:
=======
Cisco Unified MeetingPlace Web Conferencing servers may contain an
authentication bypass vulnerability that could allow an
unauthenticated user to gain administrative access to the
MeetingPlace application. Cisco has released free software updates
that address this vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090225-mtgplace.shtml
Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and
MXP Series Codecs that are running software versions prior to TC4.0.0
or F9.1 contain a vulnerability that could allow an attacker to cause
a denial of service.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110831-tandberg.shtml
http://www.warftp.org/?menu=344
Jarle
--
Jarle Aase email: jgaa@jgaa.com
Author of Free Software. http://www.jgaa.com
War FTP Daemon: http://www.warftp.org
Other free software: http://products.jgaa.com
NB: If you reply to this message, please include all relevant
process of upgrading a Cisco IP Video Phone E20 device to TE 4.1.0, an
unsecured default account may be introduced. An attacker who is able
to take advantage of this vulnerability could log in to the device as
the root user and perform arbitrary actions with elevated privileges.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
+ http://www.frhack.org/schedule.php
---------------------------------------------------------
# Invited speakers #
Free Software in Ethics and in Practice
- Richard Matthew Stallman (RMS)
TBA
- David Hulton (h1kari)
interface descriptor blocks on the affected device because those
devices will not reuse virtual access interfaces. If these
vulnerabilities are repeatedly exploited, the memory and/or interface
resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities
for affected customers.
There are no workarounds available to mitigate the effects of these
vulnerabilities.
A vulnerability exists in the Cisco Network Admission Control (NAC)
Appliance that can allow an attacker to obtain the shared secret that
is used between the Cisco Clean Access Server (CAS) and the Cisco Clean
Access Manager (CAM).
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml.
traversal vulnerability that may allow an unauthenticated attacker to
obtain system information.
There are no workarounds to mitigate this vulnerability.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml.
Cisco Unified Communications Manager, which was formerly Cisco
Unified CallManager, contains a denial of service (DoS) vulnerability
in the Session Initiation Protocol (SIP) service. An exploit of this
vulnerability may cause an interruption in voice services.
Cisco has released free software updates that address this
vulnerability. There are no workarounds for this vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml
Cisco Unified Communications Manager contains two denial of service
(DoS) vulnerabilities that affect the processing of Session
Initiation Protocol (SIP) messages. Exploitation of these
vulnerabilities could cause an interruption of voice services.
To address these vulnerabilities, Cisco has released free software
updates. There is a workaround for these vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml
Cisco IOS® Software with support for Network Time Protocol (NTP)
version (v4) contains a vulnerability processing specific NTP packets
that will result in a reload of the device. This results in a remote
denial of service (DoS) condition on the affected device.
Cisco has released free software updates that address this
vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is posted at:
Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS® Software that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for devices that must run
SIP; however, mitigations are available to limit exposure to the
vulnerabilities.
This advisory is posted at
process to crash and lead to a significant amount of memory being
consumed, which could introduce instability that may adversely impact
other system functionality. During this event, the parent SSH daemon
process will continue to function normally.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml.
a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1
security associations (SA) and prevent the establishment of new IPsec
sessions.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml
4.0.2, and 4.1.0 are affected by a vulnerability that an
unauthenticated, remote user could use to trigger a reload of the
Shared Port Adapters (SPA) Interface Processor by sending specific IP
version 4 (IPv4) packets to an affected device.
Cisco has released free Software Maintenance Units (SMU) that address
this vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is posted at:
users access a recording file that is hosted on a WebEx server. If
the WebEx recording player was manually installed, users will need to
manually install a new version of the player after downloading the
latest version from www.webex.com
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml.
Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS that can be exploited remotely to
trigger a memory leak or to cause a reload of the IOS device.
Cisco has released free software updates that address these
vulnerabilities. Fixed Cisco IOS software listed in the Software
Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.
There are no workarounds available to mitigate the effects of any of
=======
The Cisco Application Extension Platform contains a privilege escalation
vulnerability in the tech support diagnostic shell that may allow an
authenticated user to obtain administrative access to a vulnerable Cisco
Application Extension Platform module. Cisco has released free software updates
that address this vulnerability. There is no workaround for this vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100609-axp.shtml
This vulnerability does not allow an attacker to perform any other
changes to the ACS database. That is, an attacker cannot change
access policies, device properties, or any account attributes except
the user password.
Cisco has released free software updates that address this
vulnerability. There is no workaround for this vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110330-acs.shtml.
Cisco Unified Presence contains two denial of service (DoS)
vulnerabilities that may cause an interruption to presence services.
These vulnerabilities were discovered internally by Cisco, and there
are no workarounds.
Cisco has released free software updates that address these
vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml