Browsing articles in "Security Advisory"
Jul 1, 2010
June 2010: two Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories: "Vulnerabilities in Cisco Unified Contact Center Express" and "Cisco Application Extension Platform Privilege Escalation Vulnerability".

Vulnerabilities in Cisco Unified Contact Center Express

Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of service (DoS) vulnerability and a directory traversal vulnerability. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure.

Jun 4, 2010
May 2010: two Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories: "Multiple Vulnerabilities in Cisco PGW Softswitch" and "Multiple Vulnerabilities in Cisco Network Building Mediator".

Multiple Vulnerabilities in Cisco PGW Softswitch

Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products. Each vulnerability described in this advisory is independent of the others. The vulnerabilities are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages.

Apr 22, 2010
April 2010: two Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories: "Cisco Secure Desktop ActiveX Control Code Execution Vulnerability" and "Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability".

Cisco Secure Desktop ActiveX Control Code Execution Vulnerability

Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system. Cisco has released a free software update that addresses this vulnerability.

Mar 30, 2010
March 2010: seven more new Cisco vulnerabilities

On March 24, 2010, the Cisco Product Security Incident Response Team (PSIRT) published seven important vulnerability advisories:

- Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
- Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerabilities
- Cisco Security Advisory: Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability
- Cisco Security Advisory: Cisco IOS Software IPsec Vulnerability
- Cisco Security Advisory: Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability
- Cisco Security Advisory: Cisco Unified Communications Manager Express Denial of Service Vulnerabilities
- Cisco Security Advisory: Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability

Mar 8, 2010
March 2010: three new Cisco vulnerabilities

On March 3, 2010, the Cisco Product Security Incident Response Team (PSIRT) published three important vulnerability advisories: "Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability", "Cisco Digital Media Manager Vulnerabilities" and "Cisco Unified Communications Manager Denial of Service Vulnerabilities".

Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability

A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display.

Vulnerable Products

Cisco Digital Media Player versions earlier than 5.2 are affected by this vulnerability.

Feb 25, 2010
February 2010: four new Cisco vulnerabilities

Recently, the Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories.

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities:

- TCP Connection Exhaustion Denial of Service Vulnerability
- Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerabilities
- Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability
- WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability
- Crafted TCP Segment Denial of Service Vulnerability
- Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
- NT LAN Manager version 1 (NTLMv1) Authentication Bypass […]

Feb 3, 2010
3 new Cisco critical vulnerabilities

Recently, the Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories.

Multiple Vulnerabilities in Cisco Unified MeetingPlace

Multiple vulnerabilities exist in Cisco Unified MeetingPlace. This security advisory outlines the details of these vulnerabilities:

- Insufficient validation of SQL commands
- Unauthorized account creation
- User and password enumeration in Cisco MeetingTime
- Privilege escalation in Cisco MeetingTime

Jan 5, 2010
Multiple Cisco WebEx WRF Player Vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisory: Multiple Cisco WebEx WRF Player Vulnerabilities. Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The WRF Player can be automatically installed when the user accesses a WRF file […]

Nov 10, 2009
Transport Layer Security Renegotiation Vulnerability

Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for web transactions. Ray explained in a blog post on Thursday that he had initially discovered the flaw in August, and demonstrated a working exploit to Dispensa at the beginning of September. This vulnerability could impact any Cisco product that uses any version of TLS and SSL.

Oct 20, 2009
Cisco Unified Presence Denial of Service Vulnerabilities

On October 14, 2009, the Cisco Product Security Incident Response Team (PSIRT) published one important vulnerability advisory: Cisco Unified Presence Denial of Service Vulnerabilities. Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. These vulnerabilities were discovered internally by Cisco, and there are no workarounds.

Vulnerable Products

The following products are affected:

- Cisco Unified Presence 1.x versions
- Cisco Unified Presence 6.x versions prior to 6.0(6)
- Cisco Unified Presence 7.x versions prior to 7.0(4)