Yesterday Cisco has published 3 different vulnerabilities, which can be exploited by malicious people to conduct a DOS attack or a Remote control attack. 1) Cisco ONS Platform Crafted Packet Vulnerability The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching Platform contains a vulnerability when processing TCP traffic streams that may result in a reload of the device control card.

The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. Vulnerable Products The following GSS products are affected by this vulnerability: Cisco GSS 4480 Global Site Selector Cisco GSS 4490 Global Site Selector Cisco GSS 4491 Global Site Selector Cisco GSS 4492R Global Site Selector

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. This security advisory outlines details of these vulnerabilities: Windows NT Domain Authentication Bypass Vulnerability IPv6 Denial of Service Vulnerability Crypto Accelerator Memory Leak Vulnerability

On September 24, 2008, at about 16:00 GMT, the The Cisco Product Security Incident Response Team (PSIRT) has published 12 new vulnerability advisories. Mainly these vulnerabilities are DOS attack.

A new Cisco ACS vulnerability is found by Gabriel Campana and Laurent Butti. Cisco Secure ACS does not correctly parse the length of EAP-Response packets which allows remote attackers to cause a denial of service and possibly execute arbitrary code. The affected products are all versions of Cisco Secure ACS that support EAP.

Some vulnerabilities have been reported in Cisco ASA and PIX appliances, which can be exploited by malicious people to disclose sensitive information, and by malicious users and malicious people to cause a DoS (Denial of Service).