CiscoZine » DOS

June 2010: two Cisco vulnerabilities

Fabio Semperboni — Thu, 01 Jul 2010 08:32:04 +0000

The The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:

Vulnerabilities in Cisco Unified Contact Center Express
Cisco Application Extension Platform Privilege Escalation Vulnerability

Vulnerabilities in Cisco Unified Contact Center Express
Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of service (DoS) vulnerability and a directory traversal vulnerability. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure.(...)
Read the rest of June 2010: two Cisco vulnerabilities (623 words)

May 2010: two Cisco vulnerabilities

Fabio Semperboni — Fri, 04 Jun 2010 11:32:32 +0000

The The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:

Multiple Vulnerabilities in Cisco PGW Softswitch
Multiple Vulnerabilities in Cisco Network Building Mediator

Multiple Vulnerabilities in Cisco PGW Softswitch
Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products. Each vulnerability described in this advisory is independent from other. The vulnerabilities are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages. (...)
Read the rest of May 2010: two Cisco vulnerabilities (480 words)

March 2010: seven more new Cisco vulnerabilities

Fabio Semperboni — Tue, 30 Mar 2010 16:09:12 +0000

On March 24 2010, the The Cisco Product Security Incident Response Team (PSIRT) has published seven important vulnerability advisories:

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability
Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability
Cisco Security Advisory: Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability
Cisco Security Advisory: Cisco Unified Communications Manager Express Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability

(...)
Read the rest of March 2010: seven more new Cisco vulnerabilities (1,964 words)

March 2010: three new Cisco vulnerabilities

Fabio Semperboni — Mon, 08 Mar 2010 08:45:13 +0000

On March 3 2010, the The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories:

Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability

Cisco Digital Media Manager Vulerabilities

Cisco Unified Communications Manager Denial of Service Vulnerabilities

Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability
A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display.

Vulnerable Products
Cisco Digital Media Player versions earlier than 5.2 are affected by this vulnerability.(...)
Read the rest of March 2010: three new Cisco vulnerabilities (400 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: DOS, Inject data, Privilege escalation

February 2010: four new Cisco vulnerabilities

Fabio Semperboni — Thu, 25 Feb 2010 11:15:59 +0000

Recently, the The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories.

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities:

TCP Connection Exhaustion Denial of Service Vulnerability

Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerabilities

Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability

WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability

Crafted TCP Segment Denial of Service Vulnerability

Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability

NT LAN Manager version 1 (NTLMv1) Authentication Bypass Vulnerability

These vulnerabilities are not interdependent; a release that is affected by one vulnerability is not necessarily affected by the others. There are workarounds for some of the vulnerabilities disclosed in this advisory.(...)
Read the rest of February 2010: four new Cisco vulnerabilities (1,191 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: DOS, Privilege escalation, Remote Control

3 new Cisco critical vulnerabilities

Fabio Semperboni — Wed, 03 Feb 2010 22:04:13 +0000

Recently, the The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories.

Multiple Vulnerabilities in Cisco Unified MeetingPlace
Multiple vulnerabilities exist in Cisco Unified MeetingPlace. This security advisory outlines the details of these vulnerabilities:

Insufficient validation of SQL commands

Unauthorized account creation

User and password enumeration in Cisco MeetingTime

Privilege escalation in Cisco MeetingTime

(...)
Read the rest of 3 new Cisco critical vulnerabilities (762 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: DOS, Privilege escalation, Remote Control

Multiple Cisco WebEx WRF Player Vulnerabilities

Fabio Semperboni — Tue, 05 Jan 2010 09:44:26 +0000

The The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisory: Multiple Cisco WebEx WRF Player Vulnerabilities.

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user.

The Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The WRF Player can be automatically installed when the user accesses a WRF file that is hosted on a WebEx server. The WRF Player can also be manually installed for offline playback after downloading the application from www.webex.com.(...)
Read the rest of Multiple Cisco WebEx WRF Player Vulnerabilities (429 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: DOS, Remote Control, WebEx

Cisco Unified Presence Denial of Service Vulnerabilities

Fabio Semperboni — Tue, 20 Oct 2009 19:14:40 +0000

On Octobert 14, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisories: Cisco Unified Presence Denial of Service Vulnerabilities.

Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. These vulnerabilities were discovered internally by Cisco, and there are no workarounds.

Vulnerable Products
The following products are affected:

Cisco Unified Presence 1.x versions

Cisco Unified Presence 6.x versions prior to 6.0(6)

Cisco Unified Presence 7.x versions prior to 7.0(4)

(...)
Read the rest of Cisco Unified Presence Denial of Service Vulnerabilities (226 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: DOS

Sep.23, 2009: 11 new Cisco critical vulnerabilities!!

Fabio Semperboni — Fri, 25 Sep 2009 10:00:44 +0000

On September 23, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 11 important vulnerability advisories.

Cisco Unified Communications Manager Express Vulnerability
Cisco IOS® devices that are configured for Cisco Unified Communications Manager Express (CME) and the Extension Mobility feature are vulnerable to a buffer overflow vulnerability. Successful exploitation of this vulnerability may result in the execution of arbitrary code or a Denial of Service (DoS) condition on an affected device.(...)
Read the rest of Sep.23, 2009: 11 new Cisco critical vulnerabilities!! (2,112 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: DOS, Remote Control

TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

Fabio Semperboni — Fri, 18 Sep 2009 16:29:03 +0000

On September 8, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisories: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products.

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.(...)
Read the rest of TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products (297 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: DOS