Tech Talk

[Cisco - multiple security advisories]

FYI...

Cisco - multiple security advisories...
> http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Default Credentials Vulnerability in Cisco Network Registrar
- http://www.cisco.com/warp/public/707/cisco-sa-20110601-cnr.shtml

Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
- http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml

Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
- http://www.cisco.com/warp/public/707/cisco-sa-20110601-ac.shtml

Default Credentials for root Account on the Cisco Media Experience Engine 5600
- http://www.cisco.com/warp/public/707/cisco-sa-20110601-mxe.shtml
___

- http://www.securitytracker.com/id/1025588
- http://www.securitytracker.com/id/1025589
- http://www.securitytracker.com/id/1025590
- http://www.securitytracker.com/id/1025591
Jun 1 2011

 

[Cisco Content Services Gateway DoS vuln]

FYI...

Cisco Content Services Gateway DoS vuln
- http://secunia.com/advisories/45148/
Release Date: 2011-07-07
Impact: DoS
Where: From local network
CVE Reference: CVE-2011-2064
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20110706-csg.shtml
2011 July 06

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html

 

[Cisco ASR 9000 Series Routers]

FYI...

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Cisco ASR 9000 Series Routers...
- http://www.cisco.com/warp/public/707/cisco-sa-20110720-asr9k.shtml
2011 July 20
Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IP version 4 (IPv4) packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload. Cisco has released a free software maintenance upgrade (SMU) to address this vulnerability...

Cisco SA 500 Series Security Appliances
- http://www.cisco.com/warp/public/707/cisco-sa-20110720-sa500.shtml
2011 July 20
Cisco SA 500 Series Security Appliances are affected by two vulnerabilities on their web-based management interface. An attacker must have valid credentials for an affected device to exploit one vulnerability; exploitation of the other does not require authentication. Both vulnerabilities can be exploited over the network. Cisco has released free software updates that address these vulnerabilities...
___

- http://www.securitytracker.com/id/1025810
Jul 20 2011
- http://www.securitytracker.com/id/1025811
Jul 20 2011

 

[Cisco mitigation Bulletin: Default credentials - Root Account - TelePresence Recording Svr]

FYI...

- http://www.us-cert.gov/current/#cisco_releases_security_advisory_and
July 31, 2011
___

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Cisco mitigation Bulletin: Default credentials - Root Account - TelePresence Recording Svr
- http://www.cisco.com/warp/public/707/cisco-amb-20110729-tp.shtml
29-Jul-2011 - "Cisco TelePresence Recording Server Software Release 1.7.2.0  includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings...
CVE Reference: CVE-2011-2555
Workarounds: A workaround exists to mitigate and fix this vulnerability. The workaround requires manual intervention on the affected system. Please contact the Cisco Technical Assistance Center (TAC) for instructions on how to implement this workaround. Customers are advised to migrate to Cisco TelePresence Recording Server software version 1.7.2.1...
Device-Specific Mitigation and Identification: Specific information about mitigation and identification is available for these devices:
    Cisco IOS Routers and Switches
    Cisco IOS NetFlow
    Cisco ASA and FWSM Firewalls ...
Cisco has released free software updates that address this vulnerability..."
- http://tools.cisco.com/security/center/searchAIR.x

- http://www.securitytracker.com/id/1025872
Jul 29 2011

 

[Cisco - infected CDs]

FYI...

Cisco - infected CDs ...
- http://www.cisco.com/warp/public/707/cisco-sr-20110803-cd.shtml
2011 August 03 - "... In the period of December 2010 until August 2011, Cisco shipped warranty CDs that contain a reference to a third-party website known to be a malware repository. When the CD is opened with a web browser, it automatically and without warning accesses this third-party website. Additionally, on computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user... the third-party site in question is currently -inactive- as a malware repository, so customers are not in immediate danger of having their computers compromised. However, if this third-party web site would become active as a malware repository again, there is a potential that users could infect their operating system by opening the CD with their web browser. All warranty CDs printed with "Revision -F0" (or later) do not contain references to the third-party website and do not introduce a potential to compromise customers' computers... Although there are no distinguishable markings on the CDs, all warranty CDs shipped in the period of December 2010 through August 2011 do contain a reference to the third-party site..."
(More detail available at the Cisco URL above.)
___

- http://www.securitytracker.com/id/1025883
Aug 3 2011

- https://isc.sans.edu/diary.html?storyid=11302
Last Updated: 2011-08-03

- http://www.theregister.co.uk/2011/08/05/cisco_malwary_cd_warning/
5 August 2011

 

[Cisco IOS Login]

FYI...

Cisco IOS Login...
- http://www.securitytracker.com/id/1025964
Aug 23 2011
CVE Reference: CVE-2011-1624
... A remote user can cause the target device to reload.
Solution: The vendor has issued a fix (12.2(58)SE1).
... advisory is available at:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCto62631

Cisco IOS Data-Link Switching...
- http://www.securitytracker.com/id/1025965
Aug 23 2011
CVE Reference: CVE-2011-1625
... A remote user can the target device to crash and reload.
Solution: The vendor has issued a fix (12.2(33)SCF).
The vendor's advisory is available at:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtf74999

 

[Cisco Intercompany Media Engine]

FYI...

> http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Cisco Intercompany Media Engine...
- http://www.securitytracker.com/id/1025969
Aug 24 2011
CVE Reference: CVE-2011-2563, CVE-2011-2564
Impact: Denial of service via network
Version(s): 8.0.x...
Solution: The vendor has issued a fix (8.5(1)), available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-ime.shtml

Cisco Unified Communications Manager...
- http://www.securitytracker.com/id/1025970
Aug 24 2011
CVE Reference: CVE-2011-2560, CVE-2011-2561, CVE-2011-2562, CVE-2011-2563, CVE-2011-2564
Impact: Denial of service via network
Version(s): 4.x, 6.x, 7.x, 8.x
Solution: The vendor has issued a fix (6.1(5)SU3, 7.1(5b)SU4, 8.0(3a)SU2, 8.5(1)SU2, 8.6(1))... available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml

Cisco Unified Communications Manager...
- http://www.securitytracker.com/id/1025971
Aug 24 2011
CVE Reference: CVE-2011-1643
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Version(s): 6.x, 7.x, 8.0, 8.5
Solution: The vendor has issued a fix. A patch matrix is available... at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm-cups.shtml

Cisco Unified Presence...
- http://www.securitytracker.com/id/1025972
Aug 24 2011
CVE Reference: CVE-2011-1643
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Version(s): 6.x, 7.x, 8.0, 8.5
Solution: The vendor has issued a fix. A patch matrix is available... at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm-cups.shtml
___

- https://www.us-cert.gov/current/#cisco_releases_security_advisories4
August 25, 2011
___

- https://secunia.com/advisories/45738/
- https://secunia.com/advisories/45741/
- https://secunia.com/advisories/45743/
- https://secunia.com/advisories/45772/
2011-08-25

 

[Cisco TelePresence vuln - update available]

FYI...

Cisco TelePresence vuln - update available
- http://www.securitytracker.com/id/1025994
Aug 31 2011
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2577
Impact: A remote user can cause the target device to crash.
Solution: The vendor has issued a fix (TC 4.0.0, F9.1).
... vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110831-tandberg.shtml

 

[CiscoWorks LAN Management Solution vuln]

FYI...

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html

CiscoWorks LAN Management Solution vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110914-lms.shtml
Revision 1.1 - Updated 2011 September 19
"Two vulnerabilities exist in CiscoWorks LAN Management Solution software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities... Both vulnerabilities are documented... and have been assigned CVE ID CVE-2011-2738..."

Cisco Unified Service Monitor and Cisco Unified Operations Manager vulns
- http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml
2011 September 14 - "Two vulnerabilities exist in Cisco Unified Service Monitor and Cisco Unified Operations Manager software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities... Both of these vulnerabilities are documented... and have been assigned CVE ID CVE-2011-2738..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2738
Last revised: 09/19/2011
CVSS v2 Base Score: 10.0 (HIGH)
___

Download - Cisco Software Center
- http://www.cisco.com/cisco/software/navigator.html
___

Apache HTTPd DoS vuln ...
- http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml
Revision 1.6 - Updated 2011 September 15
... Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory:
- http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=24024
___

- http://www.securitytracker.com/id/1026046
- http://www.securitytracker.com/id/1026047
- http://www.securitytracker.com/id/1026048
Sep 14 2011

- https://secunia.com/advisories/46016/
Release Date: 2011-09-15
Criticality level: Moderately critical
Impact: System access
Where: From local network
... CiscoWorks LAN Management Solution... vulnerabilities are reported in versions 3.1 and 3.2.
Solution: Upgrade to version 4.1.
Original Advisory: http://www.cisco.com/warp/public/707/cisco-sa-20110914-lms.shtml

- https://secunia.com/advisories/45979/
Release Date: 2011-09-15
Criticality level: Moderately critical
Impact: System access
Where: From local network
... vulnerabilities are reported in the following products:
* CiscoWorks Prime LAN Management Solution version 4.0.
* Cisco Unified Service Monitor prior to version 8.6.
* Cisco Unified Operations Manager prior to version 8.6.
Solution: Update to a fixed version.
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20110914-lms.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml
___

Cisco Nexus 5000 and 3000 Series Switches vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110907-nexus.shtml
2011 September 07 - "A vulnerability exists in Cisco Nexus 5000 and 3000 Series Switches that may allow traffic to bypass deny statements in access control lists (ACLs) that are configured on the device. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability... This vulnerability is documented... and has been assigned CVE ID CVE-2011-2581..."
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2581
Original release date: 09/14/2011

 

[Cisco IOS Software IPv6over MPLS vulns]

FYI...

Semi-Annual Cisco IOS Software Security Advisory Bundled Publication
- http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
September 28, 2011
___

> http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Cisco IOS Software IPv6over MPLS vulns
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6mpls.shtml
2011 September 28

Cisco IOS Software IPS and Zone-Based Firewall vulns
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml
2011 September 28

Cisco IOS Software IP Svc Level Agreement vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml
2011 September 28

Cisco 10000 Series DoS vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-c10k.shtml
2011 September 28

Cisco IOS Software Smart Install vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml
2011 September 28

Cisco UCM vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml
2011 September 28

Cisco IOS Software Data-Link Switching vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-dlsw.shtml
2011 September 28

Cisco IOS Software NAT vulns
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml
2011 September 28

Cisco IOS Software IPv6 DoS vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml
2011 September 28

Cisco IOS Software Session Initiation Protocol DoS vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml
2011 September 28

Jabber Extensible Communications Platform/Cisco Unified Presence XML DoS vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-xcpcupsxml.shtml
2011 September 28

 

[Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services multiple vulns]

FYI...

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services multiple vulns...
- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml
2011 October 05 - "... affected by multiple vulnerabilities as follows:
 MSN Instant Messenger (IM) Inspection Denial of Service vulnerability
 TACACS+ Authentication Bypass vulnerability
 Four SunRPC Inspection Denial of Service vulnerabilities
 Internet Locator Service (ILS) Inspection Denial of Service vulnerability..."

Cisco Firewall Services multiple vulns...
- http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml
2011 October 05 - "... affected by the following vulnerabilities:
 Syslog Message Memory Corruption Denial of Service Vulnerability
 Authentication Proxy Denial of Service Vulnerability
 TACACS+ Authentication Bypass Vulnerability
 Sun Remote Procedure Call (SunRPC) Inspection Denial of Service Vulnerabilities
 Internet Locator Server (ILS) Inspection Denial of Service Vulnerability..."

Cisco Network Admission Control Manager Directory Traversal vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml
2011 October 05 - "... directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information. There are no workarounds to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability..."
___

- http://www.securitytracker.com/id/1026140
CVE Reference: CVE-2011-3298, CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302, CVE-2011-3303, CVE-2011-3304
- http://www.securitytracker.com/id/1026141
CVE Reference: CVE-2011-3296, CVE-2011-3297, CVE-2011-3298, CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302, CVE-2011-3303
- http://www.securitytracker.com/id/1026142
CVE Reference: CVE-2011-3305
Oct 5 2011

 

[Cisco TelePresence Video Communication Svr vuln]

FYI...

- http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Cisco TelePresence Video Communication Svr vuln
- http://www.cisco.com/warp/public/707/cisco-sr-20111012-vcs.shtml
Release 2011 October 12
A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the HTTP User-Agent header is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote attacker could exploit this vulnerability to perform reflected cross-site scripting attacks...
Cisco TelePresence Video Communication Server Software versions earlier than X7.0 are affected. This vulnerability has been corrected in Cisco TelePresence Video Communication Server Software version X7.0... CVE-2011-3294...

- http://securitytracker.com/id/1026186
CVE Reference: CVE-2011-3294
Date: Oct 13 2011
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version: VCS prior to 7.0
Description: A vulnerability was reported in Cisco TelePresence Video Communication Server. A remote user can conduct cross-site scripting attacks...
___

Cisco IOS Smart Install vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml
Revision 1.2
Last Updated 2011 October 11
Release 2011 September 28
Summary: A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature...
___

Cisco IOS IP SLA vuln
- http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml
Revision 1.2
Last Updated 2011 October 10
Release 2011 September 28
Summary: The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability...

 

[CiscoWorks Common Services Arbitrary Command Execution Vulnerability]

FYI...

- http://tools.cisco.com/security/center/publicationListing

CiscoWorks Common Services Arbitrary Command Execution Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs
October 19, 2011 - "CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability..."
- http://www.securitytracker.com/id/1026226
CVE Reference: CVE-2011-3310
Date: Oct 19 2011

Cisco Show and Share Security Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns
October 19, 2011 - "The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities. The first vulnerability allows an unauthenticated user to access several administrative web pages. The second vulnerability permits an authenticated user to execute arbitrary code on the device under the privileges of the web server user account. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available for these vulnerabilities..."
- http://www.securitytracker.com/id/1026227
CVE Reference: CVE-2011-2584, CVE-2011-2585
Date: Oct 19 2011

- https://www.us-cert.gov/current/#cisco_releases_two_security_advisories
October 19, 2011 - "... vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions..."
___

CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110914-lms
Updated October 19, 2011 - Revision 1.2

Cisco IOS Software Data-Link Switching Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-dlsw
Updated October 18, 2011 -  Revision 1.1

Cisco IOS Software IP Service Level Agreement Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-ipsla
Updated October 18, 2011 -  Revision 2.1

 

[Cisco Unified Contact Center Express Directory Traversal Vulnerability]

FYI...

- http://tools.cisco.com/security/center/publicationListing

Cisco Unified Contact Center Express Directory Traversal Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx
October 26, 2011 - Version 1.0

Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera
October 26, 2011 - Version 1.0

Cisco Security Agent Remote Code Execution Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa
October 26, 2011 - Version 1.0

Buffer Overflow Vulnerabilities in the Cisco WebEx Player
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex
October 26, 2011 - Version 1.0

- https://www.us-cert.gov/current/#cisco_releases_multiple_security_advisories4
October 26, 2011 - "... These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information..."
___

- Updated:

Cisco Unified Communications Manager Denial of Service Vulnerabilities
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110824-cucm
October 26, 2011 - Version 1.2

Cisco Unified Communications Manager Directory Traversal Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm
October 26, 2011 - Version 1.1

Cisco IOS Software Smart Install Remote Code Execution Vulnerability
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-smart-install
October 26, 2011 - Version 1.3

 

[Cisco Nexus OS vuln]

FYI...

Cisco Nexus OS vuln
- http://securitytracker.com/id/1026254
Date: Oct 28 2011
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2569
Impact: Root access via local system, User access via local system
Fix Available: Yes - Vendor Confirmed: Yes 
Description: A vulnerability was reported in Cisco NX-OS. A local user can obtain elevated privileges on the target system...
The vendor's advisory is available at:
> http://tools.cisco.com/security/center/viewAlert.x?alertId=24458