
provided

[security bulletin] HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code

Note: The following products contain the Broadcom Integrated NIC firmware

HP Small Form Factor or Microtower PC with Broadcom Integrated NIC
 Broadcom Integrated NIC Management Firmware versions impacted
 Broadcom Integrated NIC Management Firmware version provided in sp47557.
 Apply this version or a subsequent version to resolve the vulnerability

HP Compaq 6005 Pro Microtower PC
 Versions impacted - v1.24.0.9 and earlier
 Version provided in sp47557 - v1.40.0.0

Cisco Security Advisory: Cisco ONS Platform Crafted Packet Vulnerability

A crafted stream of TCP traffic to the control cards on a node will
result in a reset of the corresponding control cards on this node. A
complete 3-way handshake is required on any open TCP port to be able
to exploit this vulnerability.

The timing for the data channels traversing the switch is provided by
the control cards.

When an active and a standby Cisco ONS 15310-MA, ONS 15310-CL, ONS
15327, ONS 15454 or ONS 15454 SDH control card reloads at the same
time, the synchronous data channels traversing the switch drop

CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor

the advisory has already passed without any communication from IBM
regarding the issue, let alone any concrete plans to fix the bug. The
publication date for Core's security advisory has been re-scheduled for
October 30th, 2007. The date remains flexible on the basis of receiving
concrete and specific details about availability of fixes by Wednesday,
October 24th.  An up to date copy of the security advisory provided for
comments and suggested workarounds.
2007-10-23: Email from Lotus Notes Security indicating that a ticket had
been opened with Autonomy and that since this is a client-side issue the
fix would be provided in one of the future maintenance releases of the
Lotus Notes client. Ongoing work with Autonomy needs to continue before

Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

=======

An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx
Meeting Manager contains a buffer overflow vulnerability that may
result in a denial of service or remote code execution. The WebEx
Meeting Manager is a client-side program that is provided by the
Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.

When users connect to the WebEx meeting service, the WebEx Meeting

Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar

it to persist after the installation. An attacker who is aware of
this vulnerability could authenticate with administrative privileges
and arbitrarily change the configuration of Cisco Network Registrar.

The upgrade to Software Release 7.2 is not free; however, a
workaround is provided in this document that will prevent
exploitation of the vulnerability.

When performing an upgrade to Software Release 7.2, you must use the
workaround to change the password of the administrative account. You
will be prompted to enter a new administrator's password only if you

Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more

arbitrary file extension at. E.g .tx, .tm]
         3. Chrome:
http://securethoughts.com/security/rssatomxss/googlechromexss.atom.tx [Any
arbitrary file extension at. E.g .tx, .tm]
   3. Exploit Scenario 3 –
         1. Details and PoC will be released after patch is provided by
Opera Security Team in next minor release. 

For research purposes, you can try out the PoCs on these virtualized (and
vulnerable) versions of various browsers, without installing any bits on
your computer [5].

Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

Details
=======

ANM is a network management application that manages Cisco ACE modules
or appliances. ANM is installed on customer provided servers with a Red
Hat Enterprise Linux operating system. The ACE Device Manager provides
a browser-based interface for configuring and managing a single ACE
appliance. The ACE Device Manager resides in flash memory on the ACE
appliance. Multiple vulnerabilities exist in ANM and one in the ACE
Device Manager products. The following details are provided for each

CORE-2008-0125: CitectSCADA ODBC service vulnerability

systems.

Besides the recommendation of a secure network architecture with strict
network access control measures, OS hardening and other sound system
administration practices, a specific workaround for the vulnerability
reported in this advisory is provided below.

The vulnerability is located in the ODBC server service; vulnerable
organizations that do not require ODBC connectivity may disable the
service with no adverse effects to the CitectSCADA software.
Installations that require ODBC connectivity to SQL databases,

Cisco Security Advisory: Cisco IOS SSL VPN Vulnerability

confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C2800NM-ADVSECURITYK9-M:


Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability

The system banner confirms that the device is running Cisco IOS
Software by displaying text similar to "Cisco Internetwork Operating
System Software" or "Cisco IOS Software." The image name displays in
parentheses, followed by "Version" and the Cisco IOS Software Release
name. Other Cisco devices do not have the "show version" command or may
provide different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 15.1(2)T with an installed image name of
C2800NM-ENTSERVICES-M:


Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities

+------------------

Cisco IOS devices running vulnerable versions of Cisco IOS Software
are affected by two vulnerabilities in Cisco IOS IPS and Cisco IOS
Zone-Based Firewall. The two vulnerabilities are independent of each
other. Details to confirm affected configurations are provided below.

  * Memory leak in Cisco IOS Software

    A device that is configured for either Cisco IOS IPS or Cisco IOS
    Zone-Based Firewall (or both), may experience a memory leak under

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

Users can manually verify the installed version of the WRF player
to determine whether it is affected by these vulnerabilities. To
do so, an administrator must examine the version numbers of the
installed files and determine whether the version of the file
contains the fixed code. Detailed instructions on how to verify
the version numbers are provided in the following sections. 

The following tables provide the first nonvulnerable version of
each object.

Microsoft Windows

Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability

    snmp-server community public RO
    snmp-server community private RW

The SNMP community names can be removed; however, the hard-coded
community names are reapplied to the running configuration when the
device reloads. Cisco has provided a workaround that ensures the
community names are removed when the device reloads.

Note: Configuring an access list or a restricted mib view:

    snmp-server community public RO 99

Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

Cisco Unified Communications Manager software versions 4.x, 5.x, 6.x,
and 7.x can be integrated with Microsoft Active Directory and several
non-Microsoft LDAP servers to perform user authentication. In order
to function properly, the integration process requires that
appropriate user credentials for the directory service are provided
to Cisco Unified Communications Manager. If an attacker intercepts or
sniffs the directory service credentials returned by a Cisco Unified
Communications Manager responding to an IP Phone PAB Synchronizer
client, the attacker may be able to leverage the credentials to gain
access to additional systems configured to use the directory service

Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability

confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:


Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability

  * X.25 for Record Boundary Preservation (RBP)
  * X.25 over TCP (XOT)
  * X.25 Routing

Information on how to determine whether an affected feature is
enabled on a device is provided in the Details section of this
advisory.

To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
"show version" command to display the system banner. The system

Cisco Security Advisory: Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability

Exposures (CVE) ID CVE-2008-3805.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability

Cisco Security Advisory: Cisco IOS IPS Denial of Service Vulnerability

real time. Additional information on the Cisco IOS IPS feature can be
found at 
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html

Previous to the introduction of the Cisco IOS IPS feature, Cisco IOS
provided a similar feature, the Cisco IOS Intrusion Detection System
(IDS). The Cisco IOS IDS feature is not affected by this
vulnerability. Additional information on the Cisco IOS IDS feature
can be found at 
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t5/feature/guide/ios_ids.html


Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

Exposures (CVE) ID CVE-2008-1447.

Vulnerability Scoring Details
+----------------------------

Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco Security Advisory: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability

  * CSCso53771 - Cisco Unified Communications Manager 5.x and 6.x

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability

Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability

vulnerability.

Vulnerability Scoring Details
+----------------------------

Cisco has provided scores for the vulnerability in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco Security Advisory: CDS Internet Streamer: Web Server Directory Traversal Vulnerability

To determine the software version running on a Cisco Content Delivery
Engine, log in to the device and issue the "show version" command line
interface (CLI) command to display the system banner. Cisco CDS Internet
Streamer software will identify itself as "Content Delivery System
Software Release". On the same line of output, the version number will
be provided. This example identifies a Cisco Content Delivery Engine
that is running Cisco Content Delivery System software release 2.5.3:

    cdn-cde#show version
    Content Delivery System Software (CDS)
    Copyright (c) 1999-2010 by Cisco Systems, Inc.

TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance

Vendor estimated date for a code fix is Q3 2010.

Remediation Steps: 

The following recommendations were provided by the vendor.

1. Hide NFS exports and show them only based on the configured access. Setting
the forceFullShowmount param to 0 (default is 1) will hide the "/" from the list,
since only the Control Station has access to it for administration purposes:


TWSL2011-002: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

Credit: Zack Fasel and Matthew Jakubowski of Trustwave's SpiderLabs

Finding 1: Static Credentials
CVE: CVE-2011-0885

All SMCD3G-CCR gateways provided by Comcast have an administrative
login of "mso" with the password of "D0nt4g3tme".  These passwords
are not provided as a part of the installation of the device and are
not recommended to be changed, thus the majority of users are unaware
of the default configuration.


Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability

To determine the software version that is running on a Cisco Content
Delivery Engine, log in to the device and issue the show version
command-line interface (CLI) command to display the system banner.
Cisco CDS Internet Streamer software will identify itself as "Content
Delivery System Software Release". On the same line of output, the
version number will also be provided. This example identifies a Cisco
Content Delivery Engine that is running Cisco Content Delivery System
software release 2.5.9 build 5:

    cdn-cde#show version
    Content Delivery System Software (CDS)

Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600

CVE-2011-1623.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

    vulnerability

These vulnerabilities are independent; a release that is affected by
one vulnerability may not necessarily be affected by the others.

Workarounds for some of the vulnerabilities are provided in this
advisory.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml.


Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities

    been assigned CVE identifier CVE-2011-2585.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability

Sourcefire Defense Center - multiple vulnerabilities.

-- Arbitrary File Download #1:
An unauthenticated attacker is able to download files within the DOCUMENT_ROOT
(not forbidden by Apache configuration, e.g. tar, yml etc.).

PoC: https://192.168.1.1/pagedata.yml
CVSS: 4.7 (provided by vendor)


-- Arbitrary File Download #2:
An unauthenticated attacker is able to download files that are
readable by the Apache

Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability

confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:



Copyright © 1995-2013 LinuxRocket.net. All rights reserved.
