CiscoZine » Privilege escalation http://www.ciscozine.com Daily reporting on Cisco technology Mon, 06 Sep 2010 15:30:40 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 June 2010: two Cisco vulnerabilities http://www.ciscozine.com/2010/07/01/june-2010-two-cisco-vulnerabilities/ http://www.ciscozine.com/2010/07/01/june-2010-two-cisco-vulnerabilities/#comments Thu, 01 Jul 2010 08:32:04 +0000 Fabio Semperboni http://www.ciscozine.com/?p=785 The The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:

  • Vulnerabilities in Cisco Unified Contact Center Express
  • Cisco Application Extension Platform Privilege Escalation Vulnerability

Vulnerabilities in Cisco Unified Contact Center Express
Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of service (DoS) vulnerability and a directory traversal vulnerability. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure.(...)
Read the rest of June 2010: two Cisco vulnerabilities (623 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: , ,

]]> http://www.ciscozine.com/2010/07/01/june-2010-two-cisco-vulnerabilities/feed/ 0 May 2010: two Cisco vulnerabilities http://www.ciscozine.com/2010/06/04/may-2010-two-cisco-vulnerabilities/ http://www.ciscozine.com/2010/06/04/may-2010-two-cisco-vulnerabilities/#comments Fri, 04 Jun 2010 11:32:32 +0000 Fabio Semperboni http://www.ciscozine.com/?p=778 The The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:

  • Multiple Vulnerabilities in Cisco PGW Softswitch
  • Multiple Vulnerabilities in Cisco Network Building Mediator


Multiple Vulnerabilities in Cisco PGW Softswitch
Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products. Each vulnerability described in this advisory is independent from other. The vulnerabilities are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages. (...)
Read the rest of May 2010: two Cisco vulnerabilities (480 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: , ,

]]> http://www.ciscozine.com/2010/06/04/may-2010-two-cisco-vulnerabilities/feed/ 0 March 2010: three new Cisco vulnerabilities http://www.ciscozine.com/2010/03/08/march-2010-three-new-cisco-vulnerabilities/ http://www.ciscozine.com/2010/03/08/march-2010-three-new-cisco-vulnerabilities/#comments Mon, 08 Mar 2010 08:45:13 +0000 Fabio Semperboni http://www.ciscozine.com/?p=766 On March 3 2010, the The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories:

  • Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability
  • Cisco Digital Media Manager Vulerabilities
  • Cisco Unified Communications Manager Denial of Service Vulnerabilities

Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability
A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display.

Vulnerable Products
Cisco Digital Media Player versions earlier than 5.2 are affected by this vulnerability.(...)
Read the rest of March 2010: three new Cisco vulnerabilities (400 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: , ,

]]> http://www.ciscozine.com/2010/03/08/march-2010-three-new-cisco-vulnerabilities/feed/ 0 February 2010: four new Cisco vulnerabilities http://www.ciscozine.com/2010/02/25/february-2010-four-new-cisco-vulnerabilities/ http://www.ciscozine.com/2010/02/25/february-2010-four-new-cisco-vulnerabilities/#comments Thu, 25 Feb 2010 11:15:59 +0000 Fabio Semperboni http://www.ciscozine.com/?p=762 Recently, the The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories.

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities:

  • TCP Connection Exhaustion Denial of Service Vulnerability
  • Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerabilities
  • Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability
  • WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability
  • Crafted TCP Segment Denial of Service Vulnerability
  • Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
  • NT LAN Manager version 1 (NTLMv1) Authentication Bypass Vulnerability

These vulnerabilities are not interdependent; a release that is affected by one vulnerability is not necessarily affected by the others. There are workarounds for some of the vulnerabilities disclosed in this advisory.(...)
Read the rest of February 2010: four new Cisco vulnerabilities (1,191 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: , ,

]]> http://www.ciscozine.com/2010/02/25/february-2010-four-new-cisco-vulnerabilities/feed/ 0 3 new Cisco critical vulnerabilities http://www.ciscozine.com/2010/02/03/3-new-cisco-critical-vulnerabilities-3/ http://www.ciscozine.com/2010/02/03/3-new-cisco-critical-vulnerabilities-3/#comments Wed, 03 Feb 2010 22:04:13 +0000 Fabio Semperboni http://www.ciscozine.com/?p=759 Recently, the The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories.

Multiple Vulnerabilities in Cisco Unified MeetingPlace
Multiple vulnerabilities exist in Cisco Unified MeetingPlace. This security advisory outlines the details of these vulnerabilities:

  • Insufficient validation of SQL commands
  • Unauthorized account creation
  • User and password enumeration in Cisco MeetingTime
  • Privilege escalation in Cisco MeetingTime

(...)
Read the rest of 3 new Cisco critical vulnerabilities (762 words)

© Fabio Semperboni for CiscoZine, 2010. | Permalink | No comment
Post tags: , ,

]]> http://www.ciscozine.com/2010/02/03/3-new-cisco-critical-vulnerabilities-3/feed/ 0 Vulnerabilities in Unified Contact Center Express Administration Pages http://www.ciscozine.com/2009/07/20/vulnerabilities-in-unified-contact-center-express-administration-pages/ http://www.ciscozine.com/2009/07/20/vulnerabilities-in-unified-contact-center-express-administration-pages/#comments Mon, 20 Jul 2009 09:09:47 +0000 Fabio Semperboni http://www.ciscozine.com/?p=723 Reported to Cisco by National Australia Bank’s Security Assurance team, on July 15, 2009 the PSIRT has published a new security advisory concerning to vulnerabilities in Unified Contact Center Express Administration Pages.

Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack.(...)
Read the rest of Vulnerabilities in Unified Contact Center Express Administration Pages (156 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: ,

]]> http://www.ciscozine.com/2009/07/20/vulnerabilities-in-unified-contact-center-express-administration-pages/feed/ 0 Jun.24, 2009: 2 new Cisco critical vulnerabilities http://www.ciscozine.com/2009/06/25/jun24-2009-2-new-cisco-critical-vulnerabilities/ http://www.ciscozine.com/2009/06/25/jun24-2009-2-new-cisco-critical-vulnerabilities/#comments Thu, 25 Jun 2009 06:52:28 +0000 Fabio Semperboni http://www.ciscozine.com/?p=715 On June 24, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 2 new vulnerability advisories.

1) Cisco Physical Access Gateway Denial of Service Vulnerability
A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Cisco has released free software updates that address this vulnerability.

Vulnerable Products
Cisco Physical Access Gateway running software versions prior to 1.1 are vulnerable.(...)
Read the rest of Jun.24, 2009: 2 new Cisco critical vulnerabilities (484 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: , ,

]]> http://www.ciscozine.com/2009/06/25/jun24-2009-2-new-cisco-critical-vulnerabilities/feed/ 0 Mar.25, 2009?! 8 new Cisco vulnerability advisories! http://www.ciscozine.com/2009/03/27/mar25-2009-8-new-cisco-vulnerability-advisories/ http://www.ciscozine.com/2009/03/27/mar25-2009-8-new-cisco-vulnerability-advisories/#comments Fri, 27 Mar 2009 22:12:41 +0000 Fabio Semperboni http://www.ciscozine.com/?p=701 On March 25, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 8 new vulnerability advisories. Mainly these vulnerabilities are DOS attack.

 

1) Cisco IOS cTCP Denial of Service Vulnerability
A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature.

Vulnerable Products
Cisco IOS devices running versions 12.4(9)T or later and configured for Cisco Tunneling Control Protocol (cTCP) encapsulation for EZVPN server are vulnerable.(...)
Read the rest of Mar.25, 2009?! 8 new Cisco vulnerability advisories! (2,474 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: , ,

]]> http://www.ciscozine.com/2009/03/27/mar25-2009-8-new-cisco-vulnerability-advisories/feed/ 0 2 new Cisco critical vulnerabilities http://www.ciscozine.com/2009/03/20/2-new-cisco-critical-vulnerabilities-2/ http://www.ciscozine.com/2009/03/20/2-new-cisco-critical-vulnerabilities-2/#comments Fri, 20 Mar 2009 09:19:11 +0000 Fabio Semperboni http://www.ciscozine.com/?p=697 On 4 March 2009 and on 11 March 2009, Cisco has published two new security advisories, which can be exploited by malicious people to conduct a DOS attack or a Remote control attack.

1) Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
A denial of service (DoS) vulnerability exists in the Cisco Session Border Controller (SBC) for the Cisco 7600 series routers. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.(...)
Read the rest of 2 new Cisco critical vulnerabilities (509 words)

© Fabio Semperboni for CiscoZine, 2009. | Permalink | No comment
Post tags: , ,

]]> http://www.ciscozine.com/2009/03/20/2-new-cisco-critical-vulnerabilities-2/feed/ 0 3 new Cisco critical vulnerabilities http://www.ciscozine.com/2009/02/26/3-new-cisco-critical-vulnerabilities-2/ http://www.ciscozine.com/2009/02/26/3-new-cisco-critical-vulnerabilities-2/#comments Thu, 26 Feb 2009 16:11:32 +0000 Fabio Semperboni http://www.ciscozine.com/?p=683 On 25 February 2009, Cisco has published three new security advisories, which can be exploited by malicious people to conduct a DOS attack or a Remote control attack.

1) Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can result in any of the following impacts: