Browsing articles in "Security Advisory"
Sep 25, 2009
Sep.23, 2009: 11 new Cisco critical vulnerabilities!!

On September 23, 2009, the Cisco Product Security Incident Response Team (PSIRT) published 11 important vulnerability advisories. Cisco Unified Communications Manager Express Vulnerability: Cisco IOS® devices that are configured for Cisco Unified Communications Manager Express (CME) and the Extension Mobility feature are affected by a buffer overflow vulnerability. Successful exploitation of this vulnerability may result in the execution of arbitrary code or a Denial of Service (DoS) condition on an affected device.

Sep 18, 2009
TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

On September 8, 2009, the Cisco Product Security Incident Response Team (PSIRT) published one important vulnerability advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products. Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from […]

Aug 30, 2009
Aug.30, 2009: 3 new Cisco critical vulnerabilities

In the last 2 weeks, three new security advisories have been published by PSIRT: Cisco IOS XR Software Border Gateway Protocol Vulnerabilities, Cisco Unified Communications Manager Denial of Service Vulnerabilities, and Firewall Services Module Crafted ICMP Message Vulnerability. 1) Cisco IOS XR Software Border Gateway Protocol Vulnerabilities: Cisco IOS XR Software contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature.

Aug 13, 2009
Jul.29, 2009: 2 new Cisco critical vulnerabilities

On July 29, 2009, the Cisco Product Security Incident Response Team (PSIRT) published 2 new vulnerability advisories. 1) Active Template Library (ATL) Vulnerability: Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

Jul 28, 2009
Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: Malformed HTTP or HTTPS authentication response denial of service vulnerability; SSH connections denial of service vulnerability; Crafted HTTP or HTTPS request denial of service vulnerability; Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability.

Jul 20, 2009
Vulnerabilities in Unified Contact Center Express Administration Pages

On July 15, 2009, the PSIRT published a new security advisory concerning vulnerabilities in Unified Contact Center Express Administration Pages, which were reported to Cisco by National Australia Bank’s Security Assurance team. The Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack.

Jun 25, 2009
Jun.24, 2009: 2 new Cisco critical vulnerabilities

On June 24, 2009, the Cisco Product Security Incident Response Team (PSIRT) published 2 new vulnerability advisories. 1) Cisco Physical Access Gateway Denial of Service Vulnerability: A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Cisco has released free software updates that address this vulnerability. Vulnerable Products: Cisco Physical Access Gateway running software versions prior to 1.1 is vulnerable.

May 25, 2009
CiscoWorks TFTP Directory Traversal Vulnerability

CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. Vulnerable Products: Products that have TFTP services enabled and that run CiscoWorks Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable. Only CiscoWorks Common Services systems running on Microsoft Windows operating systems are affected.

Apr 26, 2009
Cisco ASA WebVPN Cross Site Scripting Vulnerability

Cisco ASA is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials. Cisco ASA software versions 8.0.4(2B) and prior running on ASA 5500 Series Adaptive Security Appliances are vulnerable.

Apr 13, 2009
Multiple Vulnerabilities in Cisco ASA / PIX security

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. Vulnerable Products: The following is a list of the products affected by each vulnerability as described in detail within this advisory. VPN Authentication Bypass Vulnerability: Cisco ASA or Cisco PIX security appliances that are configured for IPsec or SSL-based remote access VPN and have the Override Account Disabled feature enabled are affected by this vulnerability. Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1, 7.2, 8.0, and 8.1 are affected by […]