Browsing articles in "Security Advisory"
Mar
27
2009
Mar.25, 2009?! 8 new Cisco vulnerability advisories!

On March 25, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published 8 new vulnerability advisories. Mainly these vulnerabilities are DOS attack.   1) Cisco IOS cTCP Denial of Service Vulnerability A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Vulnerable Products Cisco IOS devices running versions 12.4(9)T or later and configured for Cisco Tunneling Control Protocol (cTCP) encapsulation for EZVPN server are vulnerable.

Mar
20
2009
2 new Cisco critical vulnerabilities

On 4 March 2009 and on 11 March 2009, Cisco has published two new security advisories, which can be exploited by malicious people to conduct a DOS attack or a Remote control attack. 1) Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability A denial of service (DoS) vulnerability exists in the Cisco Session Border Controller (SBC) for the Cisco 7600 series routers. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

Feb
26
2009
3 new Cisco critical vulnerabilities

On 25 February 2009, Cisco has published three new security advisories, which can be exploited by malicious people to conduct a DOS attack or a Remote control attack. 1) Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can result in any of the following impacts: Administrative level access via default user names and passwords Privilege escalation A denial of service (DoS) condition

Feb
7
2009
Cisco IOS Cross-Site Scripting Vulnerabilities

Zloss has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Input passed via the URL when executing commands is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. The device allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to potentially alter the configuration of the device by tricking the user […]

Feb
5
2009
Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Multiple vulnerabilities exist in the Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers. This security advisory outlines details of the following vulnerabilities: Denial of Service Vulnerabilities (total of three) Privilege Escalation Vulnerability These vulnerabilities are independent of each other.

Jan
22
2009
2 new Cisco critical vulnerabilities

On 21 January 2009, Cisco has published two new security advisories, which can be exploited by malicious people to conduct a DOS attack or a Remote control attack. The two vulnerabilities are: Cisco Security Manager Vulnerability and Cisco Unified Communications Manager CAPF Denial of Service Vulnerability. 1) Cisco Security Manager Vulnerability Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on both the Cisco Security Manager server and IEV client. An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server. Cisco […]

Jan
15
2009
3 new Cisco critical vulnerabilities

Yesterday Cisco has published 3 different vulnerabilities, which can be exploited by malicious people to conduct a DOS attack or a Remote control attack. 1) Cisco ONS Platform Crafted Packet Vulnerability The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching Platform contains a vulnerability when processing TCP traffic streams that may result in a reload of the device control card.

Jan
7
2009
Cisco Global Site Selector Appliances DNS Vulnerability

The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. Vulnerable Products The following GSS products are affected by this vulnerability: Cisco GSS 4480 Global Site Selector Cisco GSS 4490 Global Site Selector Cisco GSS 4491 Global Site Selector Cisco GSS 4492R Global Site Selector

Oct
25
2008
Multiple Vulnerabilities in Cisco PIX and Cisco ASA

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. This security advisory outlines details of these vulnerabilities: Windows NT Domain Authentication Bypass Vulnerability IPv6 Denial of Service Vulnerability Crypto Accelerator Memory Leak Vulnerability

Oct
10
2008
Authentication Bypass in Cisco Unity
Cisco-vulnerabilities

A vulnerability exists in Cisco Unity that could allow an unauthenticated user to view or modify some of the configuration parameters of the Cisco Unity server. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. Vulnerable Products All Cisco Unity versions, 4.x, 5.x and 7.x, may be affected by this vulnerability.