Topic: Cisco advisories/updates  (Read 46287 times)
« Reply #30 on: December 16, 2009, 20:56:36 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8405



FYI...

Cisco WebEx WRF Player vulns
- http://www.cisco.com/warp/public/707/cisco-sa-20091216-webex.shtml
2009 December 16 - "Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The WRF Player can be automatically installed when the user accesses a WRF file that is hosted on a WebEx server... Multiple buffer overflow vulnerabilities exist in the WRF Player. The vulnerabilities may lead to a crash of the WRF Player application, or in some cases, lead to remote code execution...
(CVE) identifiers:
* CVE-2009-2875
* CVE-2009-2876
* CVE-2009-2877
* CVE-2009-2878
* CVE-2009-2879
* CVE-2009-2880 ...
There are no workarounds for the vulnerabilities disclosed in this advisory... Cisco has released free software updates that address these vulnerabilities..."

- http://isc.sans.org/diary.html?storyid=7762
Last Updated: 2009-12-16 20:00:37 UTC

- http://secunia.com/advisories/37810/2/
Release Date: 2009-12-17
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...

« Last Edit: December 17, 2009, 03:59:08 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #31 on: January 23, 2010, 06:36:17 »
AplusWebMaster Offline

FYI...

Cisco IOS / DoS vuln - update available
- http://secunia.com/advisories/38227/2/
Release Date: 2010-01-21
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
OS: Cisco IOS XR 3.x ...
Solution: Update to fixed versions. Please see the vendor's advisory for details.
Original Advisory: Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml

- http://atlas.arbor.net/briefs/index#1942399210

Cisco InternetWork Performance Monitor GIOP Request Buffer Overflow
- http://secunia.com/advisories/38230/2/
Last Update: 2010-01-22
Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution: Contact the vendor for instructions on migrating to non-vulnerable software
(please see the vendor advisory for details).
Restrict network access to an affected system.
Original Advisory: Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20100120-ipm.shtml

« Reply #32 on: January 28, 2010, 05:45:07 »
AplusWebMaster Offline

FYI...

Cisco Unified MeetingPlace - multiple vulns
- http://secunia.com/advisories/38259/2/
Release Date: 2010-01-28
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation
Where: From remote
Solution Status: Vendor Patch
Software: Cisco Unified MeetingPlace 5.x, Cisco Unified MeetingPlace 6.x, Cisco Unified MeetingPlace 7.x
Solution: Update to the latest version.
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278785523
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20100127-mp.shtml

- http://securitytracker.com/alerts/2010/Jan/1023511.html
CVE Reference: CVE-2010-0139, CVE-2010-0140, CVE-2010-0141, CVE-2010-0142
Date: Jan 27 2010

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0139
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0140
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0141
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0142

- http://www.us-cert.gov/current/#cisco_releases_security_advisory_for16
January 28, 2010

Multiple Vulnerabilities in Cisco Unified MeetingPlace
- http://atlas.arbor.net/briefs/index#-478562949
Severity: Elevated Severity
Published: Friday, January 29, 2010 19:03
"Multiple issues have been found and fixed in Cisco Unified MeetingPlace versions 5, 6, and 7. These bugs could allow for SQL injection, privilege escalation, account enumeration, and unauthorized new account creation. Cisco has made updated software available to their customers to address these issues.
Analysis: Sites using Cisco Unified MeetingPlace should review this update and apply the updates soon."

« Last Edit: February 01, 2010, 19:59:14 by AplusWebMaster »

« Reply #33 on: February 02, 2010, 06:36:40 »
AplusWebMaster Offline

FYI...

Cisco Secure Desktop vuln - update available
- http://secunia.com/advisories/38397/2/
Release Date: 2010-02-02
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
OS: Cisco Adaptive Security Appliance (ASA) 8.x
Software: Cisco Secure Desktop 3.x
Solution: Update to fixed versions:
Cisco Secure Desktop: Update to version 3.5.
Cisco ASA 5500 Series Adaptive Security Appliances:
Update to version 8.2(1), 8.1(2.7), or 8.0(5)
Original Advisory: Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=19843

« Reply #34 on: February 17, 2010, 14:46:35 »
AplusWebMaster Offline

FYI...

Cisco releases multiple Security Advisories
- http://www.us-cert.gov/current/#cisco_releases_multiple_security_advisories
February 17, 2010
> http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910e.shtml
Security advisory, cisco-sa-20100217-fwsm, addresses a vulnerability in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. Successful and repeated exploitation of this vulnerability could result in a denial-of-service condition.
> http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml
Security advisory, cisco-sa-20100217-asa, addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. These vulnerabilities may allow an attacker to gain unauthorized access to an affected system or cause a denial-of-service condition.
> http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml
Security advisory, cisco-sa-20100217-csa, addresses multiple vulnerabilities in the Cisco Security Agent. These vulnerabilities may allow an attacker to execute arbitrary SQL commands, view and download arbitrary files, or cause a denial-of-service condition...

- http://atlas.arbor.net/briefs/index#1477198596
February 17, 2010

Cisco PIX 500
- http://secunia.com/advisories/38636

Cisco Firewall Services Module
- http://secunia.com/advisories/38621/

Cisco ASA 5500
- http://secunia.com/advisories/38618/

« Last Edit: February 18, 2010, 03:41:34 by AplusWebMaster »

« Reply #35 on: March 04, 2010, 04:44:45 »
AplusWebMaster Offline

FYI...

Cisco - multiple advisories...
- http://www.us-cert.gov/current/#cicso_releases_multiple_security_advisories
March 4, 2010

- http://secunia.com/advisories/38799/
Release Date: 2010-03-04
Criticality level: Moderately critical
Impact:   Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Operating System: Cisco Digital Media Player 5.x
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmp.shtml

- http://secunia.com/advisories/38754/
Release Date: 2010-03-04
Criticality level: Moderately critical
Impact:   DoS
Solution Status: Vendor Patch
Software: Cisco Unified Communications Manager 4.x, Cisco Unified Communications Manager 6.x, Cisco Unified Communications Manager 7.x
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

- http://secunia.com/advisories/38824/
Software: Cisco Unified Communications Manager 5.1 reached the End of Software Maintenance on 2010-02-13...
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

« Last Edit: March 04, 2010, 21:44:05 by AplusWebMaster »

« Reply #36 on: March 24, 2010, 17:55:56 »
AplusWebMaster Offline

FYI...

Cisco - 7 security updates
- http://isc.sans.org/diary.html?storyid=8488
Last Updated: 2010-03-24 22:52:39 UTC - "... information at their site:
- http://www.cisco.com/en/US/products/products_security_advisories_listing.html ..."
24-March-2010 16:00 GMT

- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee1.shtml
2010 March 24 1600 UTC

- http://atlas.arbor.net/briefs/index#1182447196
March 24, 2010 - "... Cisco has released 7 security bulletins for its IOS, IOS XR, and CUCM product features, all of which are denial of service issues..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0584
Last revised: 03/26/2010
CVSS v2 Base Score: 7.8 (HIGH)

« Last Edit: March 28, 2010, 02:04:29 by AplusWebMaster »

« Reply #37 on: April 16, 2010, 02:28:32 »
AplusWebMaster Offline

FYI...

Cisco Secure Desktop vuln - update available
- http://secunia.com/advisories/39459/
Release Date: 2010-04-15
Criticality level: Highly critical
Impact: System access
Solution Status: Vendor Patch
Software: Cisco Secure Desktop 3.x, Cisco Secure Desktop Installer ActiveX Control 1.x
CVE Reference: CVE-2010-0589
Original Advisory: Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20100414-csd.shtml

« Reply #38 on: May 14, 2010, 05:26:56 »
AplusWebMaster Offline

FYI...

Cisco PGW vulns - updates available
- http://www.cisco.com/warp/public/707/cisco-sa-20100512-pgw.shtml
2010 May 12 - "Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products... Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities... All vulnerabilities listed in this Security Advisory are addressed in Cisco PGW 2200 Softswitch version 9.7(3)S11, version 9.8(1)S5, and subsequent, software releases..."

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html

- http://atlas.arbor.net/briefs/index#-1480011314
May 12, 2010 - Elevated Severity - "Analysis: This is a big set of medium risk vulnerabilities. We encourage sites using the PGW 2200 to update soon to address them."
 
« Reply #39 on: May 27, 2010, 00:45:57 »
AplusWebMaster Offline

FYI...

Cisco Network Building Mediator - updates available
- http://www.cisco.com/warp/public/707/cisco-sa-20100526-mediator.shtml
May 26, 2010 - "These vulnerabilities affect the legacy Richards-Zeta Mediator 2500 product and Cisco Network Building Mediator NBM-2400 and NBM-4800 models. All Mediator Framework software releases prior to 3.1.1 are affected by all vulnerabilities listed in this security advisory... Fixed 3.1.1 and 3.0.9 Mediator Framework software can be downloaded from the Software Center... by visiting http://www.cisco.com/cisco/psn/web/download/index.html and navigating to Physical Security and Building Systems > Smart Connected Buildings > Cisco Network Building Mediator. To obtain fixed 1.5.1 and 2.2 Mediator Framework software and configTOOL version 3.1.0b1 contact Cisco TAC... There are no workarounds for these vulnerabilities..."

- http://securitytracker.com/alerts/2010/May/1024027.html
May 26 2010

« Last Edit: May 27, 2010, 06:40:27 by AplusWebMaster »

« Reply #40 on: June 26, 2010, 03:42:47 »
AplusWebMaster Offline

FYI...

Cisco Application Extension Platform (AXP) 1.1 and 1.1.5
allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls.
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1572
Last revised: 06/17/2010
CVSS v2 Base Score: 9.0 (HIGH)
Type: Advisory; Patch Information
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml

Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2)
unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1571
Last revised: 06/17/2010
CVSS v2 Base Score: 7.8 (HIGH)
Type: Advisory; Patch Information
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.shtml

« Reply #41 on: July 12, 2010, 06:11:58 »
AplusWebMaster Offline

FYI...

- http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml
2010 July 07 - "Summary: Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS® Software releases 12.2(52)SE or 12.2(52)SE1, contain a vulnerability where well known SNMP community names are hard-coded for both read and write access. The hard-coded community names are "public" and "private." Cisco recommends that all administrators deploy the mitigation measures outlined in the Workarounds section or perform a Cisco IOS Software upgrade... Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available...
Impact: Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device..."
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1574
CVSS v2 Base Score: 10.0 (HIGH)
- http://www.kb.cert.org/vuls/id/732671
Date Last Updated: 2010-07-12

- http://www.vsecurity.com/resources/advisory/20100702-1/
2010-07-02 "... Cisco CSS 11500 Series Content Services Switch... implement more stringent request validation and/or corrections when receiving requests which do not utilize HTTP-compliant newlines... Three primary approaches are possible..."
- http://www.securityfocus.com/archive/1/archive/1/512144/100/0/threaded
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1575
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1576
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2629
CVSS v2 Base Score: 7.5 (HIGH)

« Last Edit: July 13, 2010, 15:49:16 by AplusWebMaster »

« Reply #42 on: July 22, 2010, 02:26:44 »
AplusWebMaster Offline

FYI...

Cisco CDS vuln - update available
- http://secunia.com/advisories/40701/
Release Date: 2010-07-22
Criticality level: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Software: Cisco Content Delivery System 2.x
CVE Reference: CVE-2010-1577
... The vulnerability is reported in versions 2.2.x, 2.3.x, 2.4.x, and 2.5.x.
Solution: Update to version 2.5.7 or later.
Original Advisory: Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
Last Updated: 2010 July 29 Revision 1.1 - "Updated Details and Workaround sections..."

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html
29-July-2010

- http://atlas.arbor.net/briefs/
July 23, 2010

« Last Edit: July 30, 2010, 07:51:59 by AplusWebMaster »

« Reply #43 on: August 04, 2010, 13:03:57 »
AplusWebMaster Offline

FYI...

Multiple Cisco Advisories
- http://isc.sans.edu/diary.html?storyid=9331
Last Updated: 2010-08-04 18:35:02 UTC

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances, impact is DoS.
Advisory ID: cisco-sa-20100804-asa
http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml

- http://securitytracker.com/alerts/2010/Aug/1024279.html
Aug 4 2010

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module, impact is DoS.
Advisory ID: cisco-sa-20100804-fwsm
http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml

- http://securitytracker.com/alerts/2010/Aug/1024280.html
Aug 4 2010

« Last Edit: August 06, 2010, 06:56:57 by AplusWebMaster »

« Reply #44 on: August 12, 2010, 14:42:46 »
AplusWebMaster Offline

FYI...

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html

- http://tools.cisco.com/security/center/home.x

- http://tools.cisco.com/security/center/viewAllSearch.x

Cisco ACE vuln - update available
- http://www.cisco.com/warp/public/707/cisco-sa-20100811-ace.shtml
2010 August 11 - "The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain the following DoS vulnerabilities:
• Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability
• HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS vulnerability
• Secure Socket Layer (SSL) DoS vulnerability
• SIP inspection DoS vulnerability
Cisco has released free software updates for affected customers. Workarounds that mitigate some of the vulnerabilities are available.
Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another..."

Cisco WCS SQL Injection - update available
- http://www.cisco.com/warp/public/707/cisco-sa-20100811-wcs.shtml
2010 August 11 - "Cisco Wireless Control System (WCS) contains a SQL injection vulnerability that could allow an authenticated attacker full access to the vulnerable device, including modification of system configuration; create, modify and delete users; or modify the configuration of wireless devices managed by WCS. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability..."

Cisco IOS TCP vuln
- http://secunia.com/advisories/40958/
Release Date: 2010-08-13
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Operating System: Cisco IOS 15.0
CVE Reference: CVE-2010-2827
Original Advisory:
- http://www.cisco.com/warp/public/707/cisco-sa-20100812-tcp.shtml

- http://securitytracker.com/alerts/2010/Aug/1024322.html
- http://securitytracker.com/alerts/2010/Aug/1024321.html
- http://securitytracker.com/alerts/2010/Aug/1024335.html

« Last Edit: August 13, 2010, 02:07:05 by AplusWebMaster »