Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances that may result in a reload of the device or disclosure of confidential information.
Cisco Security Advisory - Cisco TelePresence Video Communication Servers running software versions prior to X7.0.1 contain vulnerabilities that could allow an attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
Cisco Security Advisory - Cisco Unity Connection suffers from privilege escalation and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
Cisco Security Advisory - Cisco Cius Software contains a denial of service vulnerability that could cause the device to stop responding. Devices running Cius Software Versions prior to 9.2(1) SR2 are vulnerable. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious network traffic to affected devices. Cisco has released free software updates that address this vulnerability.
Cisco Security Advisory - Cisco Small Business (SRP 500) Series Services Ready Platforms contain command injection, unauthenticated configuration upload, and directory traversal vulnerabilities.
Cisco Security Advisory - Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series Switches that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet. Cisco has released free software updates that address this vulnerability.
Cisco Security Advisory - Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Workarounds that mitigate this vulnerability are available.
Cisco Security Advisory - Cisco Digital Media Manager contains a vulnerability that may allow a remote, authenticated attacker to elevate privileges and obtain full access to the affected system. Cisco Show and Share is not directly affected by this vulnerability. However, because Cisco Show and Share relies on Cisco Digital Media Manager for authentication services, attackers who compromise the Cisco Digital Media Manager may gain full access to Cisco Show and Share. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
Cisco Security Advisory - Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to an architectural change that was made in the way the system maintains administrative accounts. During the process of upgrading a Cisco IP Video Phone E20 device to TE 4.1.0, an unsecured default account may be introduced. An attacker who is able to take advantage of this vulnerability could log in to the device as the root user and perform arbitrary actions with elevated privileges. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
Cisco Security Advisory - Software that runs on Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices was updated to include secure default configurations beginning with the TC4.0 release. This change was accompanied by the release of Cisco Security Advisory cisco-sa-20110202-tandberg. Due to a manufacturing error, Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices that were distributed between November 18th, 2010 and September 19th, 2011 may have the root account enabled. Information on how to identify affected devices is available in the Details section of this advisory. Information on how to remediate this issue is available in the Workarounds section of this advisory.
Cisco Security Advisory - Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
Secunia Security Advisory - Cisco has acknowledged two vulnerabilities in Cisco Security Agent, which can be exploited by malicious people to compromise a vulnerable system.
Cisco Security Advisory - Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has released free software updates that address these vulnerabilities.
Cisco Security Advisory - Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In) and are documented in CERT-CC Vulnerability Note VU#520721. Cisco has released free software updates that address these vulnerabilities. No workaround is available to mitigate these vulnerabilities.
Cisco Security Advisory - Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
Cisco Security Advisory - Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
Cisco Security Advisory - A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator. There are no workarounds available to mitigate exploitation of this vulnerability that can be applied on the Cisco Video Surveillance IP Cameras. Mitigations that can be deployed on Cisco devices within the network are available.
Cisco Security Advisory - CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
Cisco Security Advisory - The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities. The first vulnerability allows an unauthenticated user to access several administrative web pages. The second vulnerability permits an authenticated user to execute arbitrary code on the device under the privileges of the web server user account. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available for these vulnerabilities.
Cisco Security Advisory - The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by denial of service and authentication bypass vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of the vulnerabilities disclosed in this advisory.
Cisco Security Advisory - Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information. There are no workarounds to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability.
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by denial of service and authentication bypass vulnerabilities.
Cisco Security Advisory - The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability.
Cisco Security Advisory - A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.
Cisco Security Advisory - Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features.
Cisco Security Advisory - A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability.