On September 23, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 11 important vulnerability advisories. Cisco Unified Communications Manager Express Vulnerability Cisco IOS® devices that are configured for Cisco Unified Communications Manager Express (CME) and the Extension Mobility feature are vulnerable to a buffer overflow vulnerability. Successful exploitation of this vulnerability may result in the execution of arbitrary code or a Denial of Service (DoS) condition on an affected device.

On September 8, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisories: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products. Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from [...]

In the last 2 weeks, three new security advisory has been published by PSIRT: Cisco IOS XR Software Border Gateway Protocol Vulnerabilities, Cisco Unified Communications Manager Denial of Service Vulnerabilities and Firewall Services Module Crafted ICMP Message Vulnerability. 1) Cisco IOS XR Software Border Gateway Protocol Vulnerabilities Cisco IOS XR Software contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature.

On July 29, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 2 new vulnerability advisories. 1) Active Template Library (ATL) Vulnerability Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: Malformed HTTP or HTTPS authentication response denial of service vulnerability SSH connections denial of service vulnerability Crafted HTTP or HTTPS request denial of service vulnerability Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability

Cisco Network Foundation Protection (NFP) is an umbrella strategy encompassing Cisco IOS Security features that provides the tools, technologies, and services that enable organizations to secure their network foundations. NFP helps to establish a methodical approach to protecting router planes, forming the foundation for continuous service delivery. The router is typically segmented into three planes of operation, each with a clearly identified objective: the data plane allows the ability to forward data packets the control plane allows the ability to route data correctly the management plane allows the ability to manage network elements. The vast majority of packets handled by [...]

Reported to Cisco by National Australia Bank’s Security Assurance team, on July 15, 2009 the PSIRT has published a new security advisory concerning to vulnerabilities in Unified Contact Center Express Administration Pages. Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack.

On June 24, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 2 new vulnerability advisories. 1) Cisco Physical Access Gateway Denial of Service Vulnerability A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Cisco has released free software updates that address this vulnerability. Vulnerable Products Cisco Physical Access Gateway running software versions prior to 1.1 are vulnerable.

CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. Vulnerable Products Products that have TFTP services enabled and that run CiscoWorks Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable. Only CiscoWorks Common Services systems running on Microsoft Windows operating systems are affected.

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. Vulnerable Products The following is a list of the products affected by each vulnerability as described in detail within this advisory. VPN Authentication Bypass Vulnerability Cisco ASA or Cisco PIX security appliances that are configured for IPsec or SSL-based remote access VPN and have the Override Account Disabled feature enabled are affected by this vulnerability. Note:  The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1, 7.2, 8.0, and 8.1 are affected by [...]