FYI...

"Cisco has released two updates to their products to address low to medium severity risks."
- http://atlas.arbor.net/briefs/index#-569328674
January 23, 2008

Title: Cisco PIX and ASA Time-to-Live Vulnerability
Severity: Elevated Severity ( http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0028 )
> http://www.cisco.com/en/US/products/produc...08093942e.shtml

Title: Cisco Default Passwords in the Application Velocity System
Severity: Normal Severity ( http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0029 )
> http://www.cisco.com/en/US/products/produc...080939431.shtml

- http://isc.sans.org/diary.html?storyid=3878
Last Updated: 2008-01-24 01:17:54 UTC

- http://www.us-cert.gov/current/#cisco_rele..._advisories_to3
January 23, 2008

.

This post has been edited by AplusWebMaster: Jun 10 2008, 02:32 PM

FYI...

- http://atlas.arbor.net/briefs/

Title: Cisco Unified Communications Manager SQL Injection
Severity: Normal Severity
Published: Thursday, February 14, 2008 19:52
Cisco Unified Communications Manager is vulnerable to SQL Injection attacks. Fixes are available from Cisco.
Analysis: Specifically, the parameter 'key' is not sanitized. An attacker exploit this issue by using crafted SQL queries to inject arbitrary data into the database.Fixes are available from Cisco.
Source: http://www.cisco.com/en/US/products/produc...080949c7c.shtml
Source: http://secunia.com/advisories/28935/

Title: Cisco Unified IP Phone Multiple Vulnerabilities
Severity: Elevated Severity
Published: Thursday, February 14, 2008 19:52
Multiple vulnerabilities in Cisco Unified IP Phone were found. Exploitation could result in attackers compromising the Phone or cause a DoS. Patches are available. No known exploit is available yet.
Analysis: The internal SSH server is prone to a buffer overflow which can be exploited by sending crafted packets to port 22. Crafted SIP messages could trigger a buffer overflow condition while handling MIME data. Exploiting this could result in code execution. The phone can also be rebooted by sending crafted packets as HTTP requests or by sending very large ICMP echo request packets. If a Telnet server is running on the phone, it can be exploited to cause a buffer overflow and execution of code on the phone.Cisco has released new Firmware fixing these issues.
Source: http://www.cisco.com/en/US/products/produc...080949c7a.shtml
Source: http://secunia.com/advisories/28935/

FYI...

Cisco security advisory overview
- http://isc.sans.org/diary.html?storyid=4199
Last Updated: 2008-03-27 09:06:42 UTC (ISC analysis/overview) - "Cisco released today its quarterly lump of security advisories*. A quick overview might help in prioritizing your actions...
* http://www.cisco.com/warp/public/707/cisco...26-bundle.shtml

- http://secunia.com/advisories/29507/
Release Date: 2008-03-27
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch...

- http://secunia.com/advisories/29559/
Release Date: 2008-03-27
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch...

This post has been edited by AplusWebMaster: Mar 27 2008, 08:15 PM

FYI...

Cisco Unified Communications Manager, formerly Cisco CallManager
- http://www.cisco.com/en/US/products/produc...8.shtml#summary
2008 May 14 1600 UTC (GMT)

Cisco Unified Presence
- http://www.cisco.com/en/US/products/produc...2.shtml#summary
2008 May 14 1600 UTC (GMT)

Cisco Content Switching Module
- http://www.cisco.com/en/US/products/produc...4.shtml#summary
2008 May 14 1600 UTC (GMT)



This post has been edited by AplusWebMaster: Jun 7 2008, 03:50 AM

FYI...

- http://www.us-cert.gov/current/#cisco_rele...ity_advisories2
May 22, 2008 - "Cisco has released three security advisories to address multiple vulnerabilities in Cisco IOS Secure Shell, Service Control Engine, and Voice Portal. These vulnerabilities may allow an attacker to take control of the affected system or cause a denial-of-service condition. US-CERT encourages users to review the following Cisco Security Advisories and apply any necessary updates or workarounds.

* Cisco IOS Secure Shell Denial of Service Vulnerabilities
- http://www.cisco.com/en/US/products/produc...08099567f.shtml
* Cisco Service Control Engine Denial of Service Vulnerabilities
- http://www.cisco.com/en/US/products/produc...08099bf65.shtml
* Cisco Voice Portal Privilege Escalation Vulnerability
- http://www.cisco.com/en/US/products/produc...08099beae.shtml

FYI...

- http://isc.sans.org/diary.html?storyid=4523
Last Updated: 2008-06-04 20:04:45 UTC - "Cisco has released details* on 5 vulnerabilities with their PIX and ASA product lines. In short, the quick bullet list of vulnerabilities is:
- Crafted TCP ACK Packet Vulnerability (Denial of Service)
- Crafted TLS Packet Vulnerability (Denial of Service)
- Instant Messenger Inspection Vulnerability (Denial of Service)
- Vulnerability Scan Denial of Service (Denial of Service)
- Control-plane Access Control List Vulnerability (Bypass ACL)
Updates are available to fix all of the above and there are no workarounds for the final four of these. In short, update your devices. Good news is that these were internal finds and it doesn't appear there is exploitation or "public" knowledge of the vulnerability details to create exploits."
* http://www.cisco.com/warp/public/707/cisco...80604-asa.shtml

Software Versions and Fixes
- http://www.cisco.com/warp/public/707/cisco....shtml#software

FYI...

SNMP v3 authentication vuln
- http://www.cisco.com/warp/public/707/cisco...3.shtml#summary
2008 June 10 - "...Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available.."

FYI...

Cisco IPS vuln - update available
- http://isc.sans.org/diary.html?storyid=4591
Last Updated: 2008-06-18 17:57:48 UTC - "Cisco Intrusion Prevention System (IPS) platforms that have gigabit network interfaces installed and are deployed in inline mode contain a denial of service vulnerability in the handling of jumbo Ethernet frames... Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability. This advisory is posted here*."
* http://www.cisco.com/warp/public/707/cisco...s.shtml#summary
2008 June 18 - "...vulnerability may lead to a kernel panic that requires a power cycle to recover platform operation... Cisco IPS versions are affected:
* Cisco Intrusion Prevention System version 5.x prior to 5.1(8)E2
* Cisco Intrusion Prevention System version 6.x prior to 6.0(5)E2 ..."

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2060

FYI...

Multiple Cisco Products DoS vuln
- http://atlas.arbor.net/briefs/index#-673272965
Severity: Elevated Severity - July 02, 2008 - "Multiple vulnerabilities in Cisco products have been found, which can be exploited to crash the application or cause a DoS because of a vulnerability in a third party cryptographic library. Fixes are available. No known exploits are available.
Analysis: The issue occurs when parsing a crafted Abstract Syntax Notation One (ASN.1) object. In certain cases, an attacker can trigger this vulnerability without a valid certificate or authentication. The vulnerable products are Cisco IOS, Cisco IOS XR, Cisco PIX and ASA Security Appliances, Cisco Firewall Service Module (FWSM) and Cisco Unified CallManager.
Source: Vulnerability In Crypto Library:
- http://www.cisco.com/en/US/products/produc...0809bb300.shtml

FYI...

Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
- http://www.cisco.com/warp/public/707/cisco...s.shtml#details
2008 July 08 - "...The following Cisco products that offer DNS server functionality have been found to be susceptible to DNS cache poisoning attacks:
* Cisco IOS Software: The vulnerability documented in Cisco bug ID CSCso81854 (registered customers only) .
* Cisco Network Registrar: The vulnerability documented in Cisco bug ID CSCsq01298 (registered customers only) .
* Cisco Application and Content Networking System (ACNS): The vulnerability documented in Cisco bug ID CSCsq21930 (registered customers only) .
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2008-1447..."

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447

//

FYI...

Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
- http://www.cisco.com/warp/public/707/cisco...s.shtml#summary
Updated 2008 July 29 - "Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected. Cisco has released free software updates* that address these vulnerabilities..."
* http://www.cisco.com/warp/public/707/cisco....shtml#software

FYI...

WebEx Meeting Mgr...
- http://www.cisco.com/warp/public/707/cisco...814-webex.shtml
Last Updated 2008 August 15 - "...A buffer overflow vulnerability exists in an ActiveX control used by the WebEx Meeting Manager. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the user client machine...
The WebEx Meeting Manager downloads several components to meeting participants before they join a WebEx meeting. The vulnerability in this Security Advisory affects the atucfobj.dll library...

- http://www.kb.cert.org/vuls/id/661827
08/15/2008 - "...Solution: The Cisco Security Advisory indicates that WebEx meeting participants will automatically receive a fixed version of atucfobj.dll when they join a meeting on a server with fixed software. Version 26.49.9.2838 is the first fixed version for WBS 26 users..."

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3558
Last revised: 8/11/2008



This post has been edited by AplusWebMaster: Aug 18 2008, 01:16 PM

FYI...

Cisco WebEx Meeting Manager Drive-By Exploit
- https://forums.symantec.com/syment/blog/art...sage.uid=345462
08-22-2008 07:08 PM - "On August 20, our honeypots began to receive attacks against the Cisco WebEx Meeting Manager vulnerability. This August 6 vulnerability exists in the ActiveX control used by WebEx to permit users to participate in meetings via Internet Explorer. Users running the vulnerable version of the Webex control who happened upon a Web site distributing the exploit would become infected. The first exploits that we have seen so far have been served via gaming sites that have had the exploit package injected on to them. While WebEx will automatically patch each user when they join a meeting hosted on a patched server, this vulnerability is only two weeks old. Many vulnerable users may have been on holidays, making it reasonably likely that some users will become infected by visiting day-to-day Web sites before their next WebEx meeting..."

FYI...

Cisco ASA and PIX multiple vulns
- http://secunia.com/advisories/31730/
Release Date: 2008-09-04
Critical: Moderately critical
Impact: Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch
OS: Cisco Adaptive Security Appliance (ASA) 7.x, Cisco Adaptive Security Appliance (ASA) 8.x, Cisco PIX 7.x, Cisco PIX 8.x
...The vulnerability is reported in Cisco ASA devices running software versions 8.0 or 8.1 with clientless VPNs enabled. Cisco ASA devices that run software versions 7.0, 7.1, or 7.2 are not affected.
Solution: Update to fixed versions (please see the vendor's advisory for details).
Provided and/or discovered by: Reported by the vendor.
Original Advisory: Cisco:
http://www.cisco.com/warp/public/707/cisco...80903-asa.shtml

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2732
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2733
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2734
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2735
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2736

//

Cisco Secure ACS EAP DoS
- http://secunia.com/advisories/31731/
Release Date: 2008-09-04
Critical: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch
OS: Cisco Secure ACS Solution Engine 3.x, Cisco Secure ACS Solution Engine 4.x ...
Solution: Apply patches. Please see the vendor advisory for details...
Original Advisory: Cisco:
http://www.cisco.com/warp/public/707/cisco...903-csacs.shtml

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2441

FYI...

Cisco - multiple alerts
- http://www.us-cert.gov/current/#cisco_rele...security_alerts
September 24, 2008 - "Cisco has released multiple security alerts to address vulnerabilities in the Unified Communications Manager and IOS. These vulnerabilities may allow a remote unauthenticated attacker to cause a denial-of-service condition, obtain sensitive information, or operate with escalated privileges..."

Direct links available here:
- http://www.cisco.com/en/US/products/produc...es_listing.html
(See those dtd. 24-Sept-2008)

Cisco IOS multiple vulnerabilities
- http://secunia.com/advisories/31990/
Release Date: 2008-09-25
Critical: Moderately critical

ISC analysis
- http://isc.sans.org/diary.html?storyid=5078
Last Updated: 2008-09-26 03:16:41 UTC

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-2739
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3798
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3800
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3801
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3802
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3803
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3804
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3805
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3806
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3807
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3808
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3809
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3810
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3811
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3812
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3813



This post has been edited by AplusWebMaster: Sep 27 2008, 05:38 AM