26
2009
3 new Cisco critical vulnerabilities
On 25 February 2009, Cisco has published three new security advisories, which can be exploited by malicious people to conduct a DOS attack or a Remote control attack. 1) Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can result in any of the following impacts: Administrative level access via default user names and passwords Privilege escalation A denial of service (DoS) condition
24
2009
Cisco IOS causes Internet disruption
On February 16th, SuproNet, a local Czech provider, single-handedly caused a global Internet meltdown for upwards of an hour today. SuproNet accomplished this feat by sending out a rather unusual routing update, one which a lot of routers did not handle very well. The result was Internet bedlam. “What we think happened next is the Internet equivalent of a massive buffer overflow. While most of the core routers run by major ISPs fared just fine, processing the ridiculous path and sending it on, others choked. Perhaps they weren’t as well maintained or were running buggy software. These routers viewed the [...]
21
2009
WebEx for mobile
Cisco has unveiled plans to bring its WebEx online meeting service to a new crop of smartphones. The announcement, at Mobile World Congress, means users will be able to join Cisco WebEx Meeting Center web and audio conferences on smartphones including the BlackBerry Bold, BlackBerry Curve 8900, and BlackBerry Storm from RIM, the Nokia E71, Nokia E75, Nokia N97, and other Nokia Eseries and Nseries, and the Samsung Blackjack II. They will be able to participate in audio and web conferencing via 3G or Wi-Fi, attend scheduled meetings and view presentations, applications and desktops with live annotations. In addition, Cisco [...]
17
2009
Use MRTG to monitor bandwidth
In ”An introduction to SNMP” I have explained how SNMP protocol works and how use it; but what are the softwares that use SNMP to monitor network bandwith? HP Openview, Ciscoworks, MRTG are some examples. In this article I will explain how monitor Cisco Switches/Routers bandwith under a Linux machine using a free open source tool: MRTG. The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic. MRTG consists of a Perl script which uses SNMP to read the traffic counters [...]
10
2009
Why use HSRP version 2?
Not everyone knows that HSRP, a fault-tolerant default gateway protocol, has two versions: version 1 (the default) and version two. The second version was integrated from IOS Release 12.2(25)S. HSRP Version 2 features: It advertises and learns millisecond timer values. This change ensures stability of the HSRP groups in all cases. It expands the group number range from 0 to 4095 and consequently uses a new MAC address range 0000.0C9F.F000 to 0000.0C9F.FFFF. It provides improved management and troubleshooting: the HSRP version 2 packet format includes a 6-byte identifier field that is used to uniquely identify the sender of the message. Typically, this field [...]
7
2009
Cisco IOS Cross-Site Scripting Vulnerabilities
Zloss has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Input passed via the URL when executing commands is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. The device allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to potentially alter the configuration of the device by tricking the user [...]
5
2009
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Multiple vulnerabilities exist in the Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers. This security advisory outlines details of the following vulnerabilities: Denial of Service Vulnerabilities (total of three) Privilege Escalation Vulnerability These vulnerabilities are independent of each other.
3
2009
Valentine’s Day – Any ideas?
What do you hope to receive from your love one? A romantic dinner, a Cd, a perfume, a PDA or a iPhone? I think that Cisco may just give you the idea that you need.
Archives
- February 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008

An article by