software version
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in a local disclosure of information.
References: CVE-2008-3539
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory Connector v 1.70.003 and earlier
HPSI Active Directory Connector v 2.10.002 and earlier
HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier
HPSI SunOne Connector v 1.14 and earlier
HPSI eDirectory Connector v 1.12 and earlier
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(3)
* Cisco Unified Communications Manager 7.0 versions prior to 7.0(2)
Administrators of systems that are running Cisco Unified
Communications Manager software version 4.x can determine the
software version by navigating to Help > About Cisco Unified
CallManager and selecting the Details button via the Cisco Unified
Communications Manager administration interface.
Administrators of systems that are running Cisco Unified
| | All versions | All versions |
| Crafted SNMPv3 Packet Vulnerability | prior to A1 | prior to A2 |
| | (8.0) | (1.2) |
+-------------------------------------------------------------------+
Determining Software Versions
+----------------------------
To display the version of system software that is currently running
on Cisco ACE Application Control Engine, use the show version
command. The following example displays the output of the show
vary depending on the specific vulnerability.
Vulnerable Products
+------------------
For specific version information, refer to the Software Versions and
Fixes section of this advisory.
Transparent Firewall Packet Buffer Exhaustion Vulnerability
+----------------------------------------------------------
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst
6500 Series ASA Services Module are affected by multiple
vulnerabilities. Affected versions of Cisco ASA Software will vary
depending on the specific vulnerability. Consult the "Software
Versions and Fixes" section of this security advisory for more
information about the affected version.
Cisco PIX Security Appliances may be affected by some of the
vulnerabilities described in this security advisory. Cisco PIX has
reached end of maintenance support. Cisco PIX Security Appliance
Summary
=======
Tandberg C Series Endpoints and E/EX Personal Video units that are
running software versions prior to TC4.0.0 ship with a root
administrator account that is enabled by default with no password. An
attacker could use this account in order to modify the application
configuration or operating system settings.
Resolving this default password issue does not require a software
Cisco ASA or Cisco PIX security appliances that are configured for IPsec
or SSL-based remote access VPN and have the Override Account Disabled
feature enabled are affected by this vulnerability.
Note: The Override Account Disabled feature was introduced in Cisco
ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1,
7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is
disabled by default.
Crafted HTTP Packet DoS Vulnerability
+------------------------------------
=================
Vulnerable Products
+------------------
The following products and software versions are affected for each
vulnerability.
Denial of Service Vulnerabilities
+--------------------------------
| Privilege | ANM | prior to |
| Escalation | | ANM 2.0 |
| | | Update A |
+---------------------------------------+
Determining ACE Device Manager Software Version
+----------------------------------------------
The ACE Device Manager is embedded with the ACE appliance software.
To display the version of system software that is currently running
+------------------
The Cisco FWSM for the Cisco Catalyst 6500 Series switches and Cisco
7600 Series routers is affected by multiple vulnerabilities. Affected
versions of Cisco FWSM Software vary depending on the specific
vulnerability. Refer to the "Software Version and Fixes" section for
specific information on vulnerable versions.
Syslog Message Memory Corruption Denial of Service Vulnerability
+---------------------------------------------------------------
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Select Identity software. The vulnerabilities could be exploited by an authenticated user to gain unauthorized access to other user accounts.
References: CVE-2008-0709
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Select Identity software v4.00, v4.01, v4.11, v4.12, v4.13, v4.20 running on HP-UX, Windows 2003 Server, Red Hat Linux AS3 and AS4, and Solaris.
BACKGROUND
CVSS 2.0 Base Metrics
=================
Vulnerable Products
+------------------
This vulnerability affects Cisco WLC software versions 6.0 and later.
The following products are affected by the vulnerability described in
this Security Advisory:
* Cisco 2100 Series Wireless LAN Controllers
* Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
Summary
=======
Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and
MXP Series Codecs that are running software versions prior to TC4.0.0
or F9.1 contain a vulnerability that could allow an attacker to cause
a denial of service.
Cisco has released free software updates that address this
vulnerability.
The Cisco WLC product family is affected by two DoS vulnerabilities:
* Internet Key Exchange (IKE) DoS Vulnerability
* HTTP DoS Vulnerability
The IKE DoS vulnerability affects Cisco WLC software versions 3.2 and
later. The HTTP DoS vulnerability affects Cisco WLC software versions
4.2 and later.
Privilege Escalation Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|8.x |8.3 |
| |8.4 |
| |8.6 |
+---------------------------------------------------------------+
Note: Cisco ASA Software version 7.0 and 7.1 have reached end of
software maintenance. Customers who are using Cisco ASA Software
version 7.0 or 7.1 should contact their Cisco support team for
assistance in upgrading to a supported version of Cisco ASA
Software.
for Integrated Services Routers, and Cisco Catalyst 3750G Integrated
Wireless LAN Controllers are affected by one or more of the following
vulnerabilities:
* The malformed HTTP or HTTPS authentication response denial of
service vulnerability affects software versions 4.2 and later.
* The SSH connections denial of service vulnerability affects
software versions 4.1 and later.
* The crafted HTTP or HTTPS request denial of service vulnerability
affects software versions 4.1 and later.
* The crafted HTTP or HTTPS request unauthorized configuration
=======
A vulnerability exists in the Cisco Firewall Services Module (FWSM),
a high-speed, integrated firewall module for Cisco Catalyst 6500
switches and Cisco 7600 Series routers, that may result in a reload
of the FWSM. The only affected FWSM System Software Version is
3.2(3).
There are no known instances of intentional exploitation of this
issue. However, Cisco has observed data streams that appear to be
unintentionally triggering this vulnerability.
depending on the specific vulnerability.
SunRPC Inspection Denial of Service Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cisco FWSM Software version 3.x and 4.x are affected by these
vulnerabilities only if SunRPC inspection is enabled. SunRPC
inspection is enabled by default.
To check if SunRPC inspection is enabled, use the "show service-policy
| include sunrpc" command and confirm that the command returns output,
Contents
--------
Summary
Software Version
Details
Impact
Exploit
Workarounds
Obtaining Patched Software
+---------------------------------------------------------------------
Summary
=======
Cisco TelePresence Software version TE 4.1.0 contains a default
account vulnerability that could allow an unauthenticated, remote
attacker to take complete control of the affected device.
The vulnerability is due to an architectural change that was made in
the way the system maintains administrative accounts. During the
Vulnerable Products
+------------------
The Cisco CSM and Cisco CSM-S are affected by the vulnerability
described in this document if they are running an affected software
version and are configured for layer 7 load balancing.
The following versions of the Cisco CSM software are affected by this
vulnerability: 4.2(3), 4.2(3a), 4.2(4), 4.2(5), 4.2(6), 4.2(7), and
4.2(8).
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Select Identity Active Directory Bidirectional LDAP Connector. The vulnerabilities could be exploited to allow remote unauthorized access.
References: CVE-2008-1665
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory Bidirectional LDAP Connector v 2.20, 2.20.001, 2.20.002, 2.30
BACKGROUND
CVSS 2.0 Base Metrics
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Select Identity Active Directory Bidirectional LDAP Connector running on Windows. The vulnerabilities could be exploited to allow remote unauthorized access.
References: CVE-2008-1665
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory for Windows Bidirectional LDAP Connector v 2.20, 2.20.001, 2.20.002, 2.30
BACKGROUND
CVSS 2.0 Base Metrics
will vary depending on the specific vulnerability.
Vulnerable Products
+------------------
For specific version information, refer to the Software Versions and
Fixes section of this advisory.
SunRPC Inspection Denial of Service Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
depending on the specific vulnerability.
Vulnerable Products
+------------------
For specific version information, refer to the Software Versions and
Fixes section of this advisory.
MSN IM Inspection Denial of Service Vulnerability
+------------------------------------------------