Cisco Security Advisory - A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco Security Advisory - Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability.
Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
Cisco Security Advisory - The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of multiple protocols. Cisco has released free software updates that address these vulnerabilities.
Cisco Security Advisory - Cisco IOS Software is affected by two vulnerabilities that cause a Cisco IOS device to reload when processing IP version 6 (IPv6) packets over a Multiprotocol Label Switching (MPLS) domain. Workarounds that mitigate these vulnerabilities are available.
Cisco Security Advisory - Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
Cisco Security Advisory - Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets. Cisco has released free software updates that address this vulnerability.
Cisco Security Advisory - The Cisco 10000 Series Router is affected by a denial of service (DoS) vulnerability that can allow an attacker to cause a device reload by sending a series of ICMP packets. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are also available.
Cisco Security Advisory - Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device. Cisco will release free software updates that address this vulnerability on September 30th, 2011. There is no workaround for this vulnerability.
Cisco Security Advisory - Two vulnerabilities exist in Cisco Unified Service Monitor and Cisco Unified Operations Manager software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.
Cisco Security Advisory - Two vulnerabilities exist in CiscoWorks LAN Management Solution software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.
Cisco Security Advisory - A vulnerability exists in Cisco Nexus 5000 and 3000 Series Switches that may allow traffic to bypass deny statements in access control lists (ACLs) that are configured on the device. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability.
Cisco Security Advisory - Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs that are running software versions prior to TC4.0.0 or F9.1 contain a vulnerability that could allow an attacker to cause a denial of service. Cisco has released free software updates that address this vulnerability.
Cisco Security Advisory - The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document listed in this advisory.
Cisco Security Advisory - Cisco Unified Communications Manager contains five (5) denial of service (DoS) vulnerabilities. Cisco has released free software updates for affected versions of Cisco Unified Communications Manager to address the vulnerabilities. A workaround exists for the SIP and Packet Capture Service DoS vulnerabilities.
Cisco Security Advisory - Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions. Cisco has released free updated software for most supported releases. A security patch file is also available for all supported versions that will remediate this issue. The patch may be applied to active systems without requiring a reload. Customers are advised to apply a fixed version or upgrade to a fixed train. Customers who need to stay on a version for which updated software is not currently available or who cannot immediately apply the update are advised to apply the patch. No workarounds are available for this issue.
Cisco Security Advisory - Two denial of service (DoS) vulnerabilities exist in the Cisco Intercompany Media Engine. An unauthenticated attacker could exploit these vulnerabilities by sending crafted Service Advertisement Framework (SAF) packets to an affected device, which may cause the device to reload. Cisco has released free software updates that address these vulnerabilities. There are no available workarounds to mitigate these vulnerabilities.
Cisco Security Advisory - Cisco TelePresence Recording Server Software Release 1.7.2.0 includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings. A workaround exists to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability.
Cisco Security Advisory - Cisco SA 500 Series Security Appliances are affected by two vulnerabilities on their web-based management interface. An attacker must have valid credentials for an affected device to exploit one vulnerability; exploitation of the other does not require authentication. Both vulnerabilities can be exploited over the network. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
Cisco Security Advisory - Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IP version 4 (IPv4) packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload. Cisco has released a free software maintenance upgrade (SMU) to address this vulnerability. There are no workarounds for this vulnerability.
Cisco Security Advisory - A denial of service (DoS) vulnerability exists in the Cisco Content Services Gateway - Second Generation, which runs on the Cisco Service and Application Module for IP (SAMI). An unauthenticated, remote attacker could exploit this vulnerability by sending a series of crafted ICMP packets to an affected device. Exploitation could cause the device to reload. There are no workarounds available to mitigate exploitation of this vulnerability other than blocking ICMP traffic destined to the affected device.
Cisco Security Advisory - The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by arbitrary program execution and local privilege escalation vulnerabilities. There are no workarounds for the vulnerabilities described in this advisory.
Cisco Security Advisory - Cisco Media Experience Engine (MXE) 5600 devices that are running Cisco Media Processing Software releases prior to 1.2 ship with a root administrator account that is enabled by default with a default password. An unauthorized user could use this account to modify the software configuration and operating system settings or gain complete administrative control of the device. A software upgrade is not required to resolve this vulnerability. Customers can change the root account password by issuing a configuration command on affected engines. The workarounds detailed in this document provide instructions for changing the root account password.
Cisco Security Advisory - Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.
Cisco Security Advisory - Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.
Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability in the SSH application that may result in a denial of service condition when the SSH version 1 (SSHv1) protocol is used. The vulnerability is a result of unremoved sshd_lock files consuming all available space in the /tmp filesystem. Cisco has released free software updates that address this vulnerability.