Aug 30, 2009
Aug.30, 2009: 3 new Cisco critical vulnerabilities

In the last 2 weeks, three new security advisories have been published by PSIRT: Cisco IOS XR Software Border Gateway Protocol Vulnerabilities, Cisco Unified Communications Manager Denial of Service Vulnerabilities and Firewall Services Module Crafted ICMP Message Vulnerability.

1) Cisco IOS XR Software Border Gateway Protocol Vulnerabilities: Cisco IOS XR Software contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature.

Aug 13, 2009
Jul.29, 2009: 2 new Cisco critical vulnerabilities

On July 29, 2009, the Cisco Product Security Incident Response Team (PSIRT) published 2 new vulnerability advisories.

1) Active Template Library (ATL) Vulnerability: Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

Jul 31, 2009
Black Hat USA 2009: Router Exploitation

During Black Hat USA 2009, Felix “FX” Lindner presented his research on the exploitation of memory corruption software vulnerabilities in Cisco IOS. “The goal is to map out the problem space in order to allow for the anticipation of developments in the future, as current research suggests that exploitation of such vulnerabilities in the wild is not currently the case. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution with the current state of Cisco IOS router networks.” says Felix ‘FX’ Lindner in his “Cisco IOS Router Exploitation” abstract.

Jul 30, 2009
Cisco 2009 Midyear Security Report

The Cisco 2009 Midyear Security Report presents an overview of Cisco security intelligence, highlighting threat information and trends from the first half of 2009. The report also includes recommendations from Cisco security experts and predictions of how identified trends will evolve. As predicted in the Cisco 2008 Annual Security Report, attacks are only becoming more sophisticated and targeted as we move through 2009—and the global recession. However, while cybercrime is more pervasive, there are encouraging signs that increased collaboration among the “good guys” is making it more difficult for attacks to take root and grow.

Jul 28, 2009
Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: malformed HTTP or HTTPS authentication response denial of service vulnerability; SSH connections denial of service vulnerability; crafted HTTP or HTTPS request denial of service vulnerability; crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.

Jul 22, 2009
CoPP?! What is that?

Cisco Network Foundation Protection (NFP) is an umbrella strategy encompassing Cisco IOS Security features that provides the tools, technologies, and services that enable organizations to secure their network foundations. NFP helps to establish a methodical approach to protecting router planes, forming the foundation for continuous service delivery. The router is typically segmented into three planes of operation, each with a clearly identified objective: the data plane allows the ability to forward data packets; the control plane allows the ability to route data correctly; the management plane allows the ability to manage network elements. The vast majority of packets handled by […]

Jul 20, 2009
Vulnerabilities in Unified Contact Center Express Administration Pages

On July 15, 2009, the PSIRT published a new security advisory concerning vulnerabilities in Unified Contact Center Express Administration Pages, reported to Cisco by National Australia Bank’s Security Assurance team. Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack.

Jul 2, 2009
Cisco introduces four new certifications!

Yesterday, I received the newsletter from learning@cisco that announces the release of four new certifications. “In response to the growing demand for IT professionals who can design, manage, and maintain converged technologies across global network infrastructures, Cisco announced the release of four new certifications at the Cisco Live! show, held this week in San Francisco, CA. Cisco Certified Architect, CCNP Wireless, and two new Cisco Datacenter Unified Computing Specialists reinforce Cisco’s commitment developing state of the art, technology driven, role based certifications that meet the demands of today’s network professional.”

Jul 1, 2009
OSPF Virtual Link

The Open Shortest Path First (OSPF) protocol, defined in RFC 2328, is an Interior Gateway Protocol used to distribute routing information within a single Autonomous System. The OSPF protocol is based on link-state technology, which is a departure from the Bellman-Ford vector based algorithms used in traditional Internet routing protocols such as RIP. OSPF has introduced new concepts such as authentication of routing updates, Variable Length Subnet Masks (VLSM), route summarization, and so forth. An OSPF network can be divided into sub-domains called areas. An area is a logical collection of OSPF networks, routers, and links that have the same […]

Jun 25, 2009
Jun.24, 2009: 2 new Cisco critical vulnerabilities

On June 24, 2009, the Cisco Product Security Incident Response Team (PSIRT) published 2 new vulnerability advisories.

1) Cisco Physical Access Gateway Denial of Service Vulnerability: A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Cisco has released free software updates that address this vulnerability.

Vulnerable Products: Cisco Physical Access Gateway running software versions prior to 1.1 are vulnerable.
