332 replies to this topic

[AplusWebMaster]

FYI...

Evolution in Attacks Against Cisco IOS Software Platforms
- http://tools.cisco.c...x?alertId=40411
2015 Aug 11 - "Summary: Cisco PSIRT has released information regarding increasingly complex attacks against platforms running Cisco IOS Software.
Description: Cisco PSIRT has contacted customers to describe an evolution in attacks against Cisco IOS Classic platforms. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image. In all cases seen by Cisco, attackers accessed the devices using valid administrative credentials and then used the ROMMON field upgrade process to install a malicious ROMMON. Once the malicious ROMMON was installed and the IOS device was rebooted, the attacker was able to manipulate device behavior. Utilizing a malicious ROMMON provides attackers an additional advantage because infection will persist through a reboot. No product vulnerability is leveraged in this attack, and the attacker requires valid administrative credentials or physical access to the system to be successful. The ability to install an upgraded ROMMON image on IOS devices is a standard, documented feature that administrators use to manage their networks. No CVE ID will be assigned.
The Cisco PSIRT has recently updated a number of technical documents to include information regarding the ROMMON attack as well as other threats to Cisco IOS devices. The following white papers are publicly available and provide information for preventing, detecting, and remediating potential compromise on Cisco IOS devices.
- Cisco IOS Software Integrity Assurance:
> http://www.cisco.com...-assurance.html
- Cisco Guide to Harden IOS Devices:
> http://www.cisco.com...s/13608-21.html
- Telemetry-Based Infrastructure Device Integrity Monitoring
> http://www.cisco.com...monitoring.html
Cisco recommends users of Cisco IOS devices review these documents to understand the types of threats against Cisco IOS devices. Cisco also recommends users ensure operational procedures include methods for preventing and detecting compromise..."

- https://www.us-cert....tware-Platforms
Aug 12, 2015
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vuln
- http://tools.cisco.c...-20150902-cimcs
2015 Sept 2 - Rev 1.0 - "Summary: Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."

- http://www.securityt....com/id/1033451
CVE Reference: CVE-2015-6259
Sep 2 2015
Impact: Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Director, prior to 5.2.0.1 ...
Solution: The vendor has issued a fix (5.3.0.0).
 

[AplusWebMaster]

FYI..

- http://tools.cisco.c...cationListing.x

Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
- http://tools.cisco.c...sa-20150916-pca
2015 Sep 16 - Rev 1.0 - "Summary: Cisco Prime Collaboration Assurance Software contains the following vulnerabilities:
    Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability
    Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
    Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability
Successful exploitation of the Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability and Cisco Prime Collaboration Assurance Session ID Privilege Escalation Vulnerability could allow an authenticated attacker to perform tasks with the privileges of an administrator for any domain or customer managed by the affected system. Successful exploitation of the Cisco Prime Collaboration Assurance Information Disclosure Vulnerability could allow an authenticated attacker to access sensitive information, such as Simple Network Management Protocol (SNMP) community strings and administrative credentials, of any devices imported in the system database. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available..."
- http://www.securityt....com/id/1033581
CVE Reference: CVE-2015-4304, CVE-2015-4305, CVE-2015-4306
Sep 16 2015
Impact: Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes...
Solution: Cisco has issued a fix (10.5.1 MSP patch cpc-assurance-patchbundle-10.5.1.53684-1.x86_64.tar.gz, 11.0)...
___

Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vuln
- http://tools.cisco.c...sa-20150916-pcp
2015 Sep 16 - Rev 1.0 - "Summary: A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative privileges. This includes creating an administrative user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."
- http://www.securityt....com/id/1033579
CVE Reference: CVE-2015-4307
Sep 16 2015
Impact: User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes...
The vendor has assigned bug ID CSCut64111 to this vulnerability.
Impact: A remote authenticated user can gain elevated privileges on the target system.
Solution: Cisco has issued a fix...
___

Cisco TelePresence Server DoS Vuln
- http://tools.cisco.c...sa-20150916-tps
2015 Sep 16 - Rev 1.0 - "Summary: Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available..."
- http://www.securityt....com/id/1033580
CVE Reference: CVE-2015-6284
Sep 16 2015
Fix Available:  Yes  Vendor Confirmed:  Yes...  
Version(s): prior to 4.1(2.33)...
The vendor has assigned bug ID CSCuu28277 to this vulnerability.
Impact: A remote user can cause the target system to crash.
Solution: Cisco has issued a fix...
___

OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
- http://tools.cisco.c...0150710-openssl
2015 Sep 16 - Rev 1.23 - Updated Affected Products section - Vulnerable/Not Vulnerable Products. The following three products moved from Vulnerable to Not Vulnerable: Cisco Nexus 6000 Series Switches, Cisco Nexus 5000 Series Switches, Cisco Nexus 2000 Series FEX.
 

[AplusWebMaster]

FYI...

Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
- http://www.cisco.com..._ERP_sep15.html
Sep 23, 2015

- http://tools.cisco.c...cationListing.x
___

Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vuln
- http://tools.cisco.c...-20150923-sshpk
2015 Sep 23 - Rev 1.0 - "Summary: A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configured for the Virtual Teletype (VTY) line. Depending on the configuration of the user and of the vty line, the attacker may obtain administrative privileges on the system. The attacker cannot use this vulnerability to elevate privileges... Cisco has released software updates that address this vulnerability. Workarounds for this vulnerability are not available; however administrators could temporarily disable RSA-based user authentication to avoid exploitation..."
- http://www.securityt....com/id/1033646
CVE Reference: CVE-2015-6280
Sep 23 2015
Impact: User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes...
Impact: A remote user can bypass authentication on the target system.
Solution: Cisco has issued a fix.
A patch matrix is available in the vendor's advisory...
___

Cisco IOS XE Software Network Address Translation DoS Vuln
- http://tools.cisco.c...-20150923-iosxe
2015 Sep 23 - Rev 1.0 - "Summary: A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of IPv4 packets that require NAT and MPLS processing. An attacker could exploit this vulnerability by sending an IPv4 packet to be processed by a Cisco IOS XE device configured to perform NAT and MPLS services. A successful exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability..."
- http://www.securityt....com/id/1033645
CVE Reference: CVE-2015-6282
Sep 23 2015
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes...  
Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers are affected.
The vendor has assigned bug ID CSCut96933 to this vulnerability.
Impact: A remote user can cause the target device to reload.
Solution: Cisco has issued a fix.
A patch matrix is available in the vendor's advisory...
___

Cisco IOS and IOS XE Software IPv6 First Hop Security DoS Vuln
- http://tools.cisco.c...sa-20150923-fhs
2015 Sep 23 - Rev 1.0 - "Summary: Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities..."
- http://www.securityt....com/id/1033647
CVE Reference: CVE-2015-6278, CVE-2015-6279
Sep 23 2015
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes...
Impact: A remote user can cause the target device to reload.
Solution: Cisco has issued a fix.
A patch matrix is available in the vendor's advisory...
 

Edited by AplusWebMaster, 24 September 2015 - 08:29 AM.

[AplusWebMaster]

FYI...

Cisco IOS Software RADIUS Client DoS Vuln
- http://tools.cisco.c...1005-ios-radius
2015 Oct 5 - Rev 1.0 - "Summary: A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server. An attacker could exploit this vulnerability by configuring a RADIUS server with a shared RADIUS secret and returning malformed answers back to a RADIUS client on an affected Cisco device. An exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."
- http://www.securityt....com/id/1033747
CVE Reference: CVE-2015-6263
Oct 6 2015
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 15.4(3)M2.2 ...
The vendor has assigned bug ID CSCuu59324 to this vulnerability.
Impact: A remote authenticated server can cause the connected target device to reload.
Solution: The vendor has issued a fix...
___

- http://tools.cisco.c...cationListing.x

Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
- http://tools.cisco.c...100210-ironport
2015 Oct 3 - Rev 1.2 - Updated the advisory to reflect that no software fixes are available to address all the known ways to exploit these vulnerabilities.

Notes: http://www.cisco.com...olicy.html#tosp
"In all security publications, Cisco discloses the minimum amount of information required for an end user to assess the impact of a vulnerability and any potential steps needed to protect their environment. Cisco does -not- provide vulnerability details that could enable someone to craft an exploit. Cisco provides the following types of security-related publications via the Cisco Security portal on Cisco.com*..."
* http://tools.cisco.c...e.x#~defaultTab
___

Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vuln
- http://tools.cisco.c...a-20150325-mdns
2015 Sep 28 - Rev. 1.3 - Added Cisco IOS XE 3.6.0E as an affected release. Added 3.6.2E as a first fixed for bundle wide for 3.6E since it became available after the bundle was published.
 

Edited by AplusWebMaster, 06 October 2015 - 06:59 AM.

[AplusWebMaster]

FYI...

Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vuln
- http://tools.cisco.c...sa-20151006-vcs
2015 Oct 6 - Rev. 1.0 - "Summary: A vulnerability in the process management code of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to the failure to protect a supervised process. An attacker could exploit this vulnerability by completing a series of steps that ultimately allows a lower-privileged process to be restarted with root privilege. An attacker would need to crash a firestarter.py supervised process before the privilege is escalated after the process is restarted. A successful exploit could allow the attacker to gain elevated privileges on the device, which could result in a complete system compromise. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."
- http://www.securityt....com/id/1033751
CVE Reference: CVE-2015-4325
Oct 7 2015
Impact: Root access via local system
Vendor Confirmed:  Yes  
Version(s): VCS Expressway X8.5.2 ...
No solution was available at the time of this entry...
___

Cisco UCS B-Series Blade Servers DoS Vuln
- http://tools.cisco.c...sa-20151006-ucs
2015 Oct 6 - Rev. 1.0 - "Summary: A vulnerability in Cisco Unified Computing System (UCS) B-Series blade servers could allow an unauthenticated, local attacker to cause the host operating system or Baseboard Management Controller (BMC) to hang. The vulnerability is due to how the various components communicate across the Inter-IC (I2C) bus. An attacker could exploit this vulnerability by sending specific I2C packets. An exploit could allow the attacker to cause disruption to the host, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available..."
- http://www.securityt....com/id/1033752
CVE Reference: CVE-2015-4265
Oct 7 2015
Impact: Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.2.6 ...
Solution: The vendor has issued a fix (2.2.6)...
___

Cisco Aironet 1850 Access Point Privilege Escalation Vuln
- http://tools.cisco.c...0151005-aironet
2015 Oct 5 Rev 1.0 - "Summary: A vulnerability in the command-line interface (CLI) of the Cisco Aironet 1850 Series Access Point device could allow an authenticated, local attacker to obtain elevated privileges to the restricted shell on the device. The vulnerability is due to a lack of proper escape protections when validating CLI commands entered at the device prompt. An authenticated attacker could exploit this vulnerability by entering malicious commands at the CLI to obtain access to the restricted shell. An exploit could allow the attacker to obtain root-level privileges on the affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."
- http://www.securityt....com/id/1033746
CVE Reference: CVE-2015-6315
Oct 6 2015
Impact: Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1850 Series; 8.1(112.4) ...
Solution: The vendor has issued a fix...
 

Edited by AplusWebMaster, 07 October 2015 - 07:20 AM.

[AplusWebMaster]

FYI...

Cisco TelePresence Video Communication Server Expressway File Modification Vuln
- http://tools.cisco.c...sa-20151007-vcs
2015 Oct 7 Rev. 1.0 - "Summary: A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could exploit this vulnerability by creating a malicious symbolic link to a location not otherwise accessible to the attacker. An exploit could allow the attacker to insert unauthorized content in the linked-to file. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available..."
- http://www.securityt....com/id/1033781
CVE Reference: CVE-2015-6318
Oct 9 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): VCS Expressway X8.5.2 ...
The vendor has assigned bug ID CSCuv11969 to this vulnerability.
Impact: A local user can modify files on the target system.
Solution: The vendor has issued a fix...
___

Cisco Prime Collaboration Assurance SQL Injection Vuln
- http://tools.cisco.c...a-20151008-pca2
2015 Oct 8 Rev. 1.0 - "Summary: A vulnerability in web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read, modify, or delete entries in some database tables. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033782
CVE Reference: CVE-2015-6331
Oct 9 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.5(1) ...
The vendor has assigned bug ID CSCus39887 to this vulnerability.
Impact: A remote authenticated user can execute SQL commands on the underlying database.
Solution: The vendor has issued a fix...
___

Cisco Prime Collaboration Provisioning SQL Injection Vuln
- http://tools.cisco.c...sa-20151008-pcp
2015 Oct 8 Rev. 1.0 - "Summary: A vulnerability in web framework of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read, modify, or delete entries in some database tables. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available...
- http://www.securityt....com/id/1033783
CVE Reference: CVE-2015-6329
Oct 9 2015
The vendor has assigned bug ID CSCut64074 to this vulnerability.
Impact: A remote authenticated user can execute SQL commands on the underlying database.
Solution: The vendor has issued a fix...
___

Cisco Prime Collaboration Assurance Arbitrary File Retrieval Vuln
- http://tools.cisco.c...sa-20151008-pca
2015 Oct 8 Rev. 1.0 - "Summary: A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system. The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit this vulnerability by submitting a crafted URL to the system. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available...
- http://www.securityt....com/id/1033784
CVE Reference: CVE-2015-6328
Oct 9 2015
The vendor has assigned bug IDs CSCus62680 and CSCus88380 to this vulnerability.
Impact: A remote authenticated user can obtain arbitrary files on the target system.
Solution: The vendor has issued a fix...
___

Cisco AnyConnect Secure Mobility Client Arbitrary File Move Vuln
- http://tools.cisco.c...a-20151008-asmc
2015 Oct 8 Rev. 1.0 - "Summary: A vulnerability in interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to move arbitrary files with elevated privileges. The vulnerability is due to missing source path validation in certain IPC commands. An attacker could exploit this vulnerability by sending crafted IPC messages. An exploit could allow the attacker to move arbitrary files with elevated privileges, which could affect the integrity of the system and cause a denial of service condition. Cisco has not released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available...
- http://www.securityt....com/id/1033785
CVE Reference: CVE-2015-6322
Oct 9 2015
The vendor has assigned bug ID CSCuv48563 to this vulnerability.
Impact: A local user can move files on the target system.
Solution: No solution was available at the time of this entry.
___

Cisco Prime Renegotiation Request DoS Vuln
- http://tools.cisco.c...sa-20151008-cpi
2015 Oct 8 Rev. 1.0 - "Summary: A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL requests to a targeted system. A successful exploit could cause the system to become unresponsive, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033786
CVE Reference: CVE-2015-6332
Oct 9 2015
The vendor has assigned bug ID CSCuv56830 to this vulnerability.
Impact: A local user can cause denial of service conditions on the target system.
Solution: No solution was available at the time of this entry.
 

[AplusWebMaster]

FYI...

Apache Struts 2 Command Execution Vuln in Multiple Cisco Products
- http://tools.cisco.c...0131023-struts2
12 Oct 2015 Rev. 1.1 - "Summary: Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 customers should contact their Cisco representative for available options. Workarounds that mitigate this vulnerability are not available...
___

Cisco ASR 5000 and ASR 5500 TACACS DoS Vuln
- http://tools.cisco.c...sa-20151012-asr
12 Oct 2015 Rev. 1.0 - "Summary: A vulnerability in the TACACS protocol implementation of the Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the vpnmgr process restarts. The vulnerability is due to improper input validation of the TACACS packet header. An attacker could exploit this vulnerability by sending a crafted TACACS packet to the device. An exploit could allow the attacker to cause a partial DoS condition because the vpnmgr process could restart when parsing the crafted TACACS packet. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033792
CVE Reference: CVE-2015-6334
Oct 13 2015
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ASR 5000/5500 devices; 18.0.0.57828 and 19.0.M0.61045 ...
A remote user can send a specially crafted TACACS packet to cause the vpnmgr process to restart.
The vendor has assigned bug IDs CSCuw01984 and CSCuw01985 to this vulnerability.
Impact: A remote user can cause the target vpnmgr service to restart.
Solution: The vendor has issued a fix.
___

Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vuln
- http://tools.cisco.c...a-20151012-apic
12 Oct 2015 Rev. 1.0 - "Summary: A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys local users add their accounts. An attacker could exploit this vulnerability by authenticating to the device and adding an SSH key to the attacker's local account. An exploit could allow the attacker to elevate privileges on the local shell and perform unauthorized actions. Software updates are not available. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033793
CVE Reference: CVE-2015-6333
Oct 13 2015
Vendor Confirmed:  Yes  
Version(s): 1.1j ...
The vendor has assigned bug ID CSCuw46076 to this vulnerability.
Impact: A local user can obtain elevated privileges on the target system.
Solution: No solution was available at the time of this entry...
 

[AplusWebMaster]

FYI...

Cisco Wireless LAN Controller Client Disconnection Vuln
- http://tools.cisco.c...sa-20151016-wlc
2015 Oct 16 Rev. 1.0 - "Summary: A vulnerability in the Web Management GUI of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to trigger client disconnection. The vulnerability is due to a lack of access control to the Cisco WLC Web Management GUI. An attacker could exploit this vulnerability by connecting to the IP address of the Cisco WLC and triggering client disconnections. The attacker must reach the Cisco WLC management IP address on port 80 or port 443 via its wired interface. Cisco has not released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available...
- http://www.securityt....com/id/1033871
CVE Reference: CVE-2015-6341
Oct 20 2015
Impact: Denial of service via network
Vendor Confirmed:  Yes  
Version(s): 8.0(120) ...
___

Cisco ASR 5000 CDMA PMIpv6 DoS Vuln
- http://tools.cisco.c...0151016-asrcdma
2015 Oct 19 Rev. 1.0 - "Summary: A vulnerability in the Proxy Mobile IPv6 (PMIPv6) protocol implementation of the Cisco Aggregation Services Router (ASR) ASR 5000 for Cisco Code Division Multiple Access (CDMA) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the hamgr process restarting. The vulnerability is due to improper input validation of the PMIPv6 packet header. An attacker could exploit this vulnerability by sending a crafted PMIPv6 packet to the device. A successful exploit could allow the attacker to cause a partial DoS condition because the hamgr process could restart when parsing the crafted PMIPv6 packet. Cisco has released software updates that address this vulnerability. Workarounds that mitigate these vulnerabilities not are available...
- http://www.securityt....com/id/1033872
CVE Reference: CVE-2015-6340
Oct 20 2015
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ASR 5000; 19.0.MO.60737 ...
Solution: The vendor has issued a fix.
___

Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vuln
- http://tools.cisco.c...sa-20151016-fmc
2015 Oct 19 Rev. 1.0 - "Summary: A vulnerability in the policy code of Cisco FireSIGHT Management Center for VMware could allow an authenticated, remote attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by bypassing policy restrictions and executing commands on the underlying operating system. The user needs to log in to the device with valid administrator-level credentials. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033873
CVE Reference: CVE-2015-6335
Oct 20 2015
Impact: Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): FireSIGHT Management Center for VMware; 5.3.1.7, 5.4.0.4, 6.0.0 ...
The vendor has assigned bug ID CSCuw12839 to this vulnerability.
Impact: A remote authenticated administrative user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix.
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco ASA Software VPN ISAKMP DoS Vuln
- http://tools.cisco.c...0151021-asa-ike
2015 Oct 21 v1.0 - "Summary: A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper handling of Internet Security Association and Key Management Protocol (ISAKMP) packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. A successful exploit could allow the attacker to cause an affected system to reload.
Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic...
- http://www.securityt....com/id/1033914
CVE Reference: CVE-2015-6327
Oct 21 2015
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.2(1)...
The vendor has assigned bug ID CSCus94026 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix.
___

Cisco ASA Software DNS DoS Vuln
- http://tools.cisco.c...151021-asa-dns1
2015 Oct 21 v1.0 - "Summary: A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper processing of DNS packets. An attacker could exploit this vulnerability by sending a request to an affected Cisco ASA appliance to cause it to generate a DNS request packet. The attacker would need to spoof the reply packet with a crafted DNS response.
Note: Only traffic directed to the affected device can be used to exploit this vulnerability. This vulnerability affects Cisco ASA Software configured in routed or transparent firewall mode and single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic...
- http://www.securityt....com/id/1033913
CVE Reference: CVE-2015-6325
Oct 21 2015
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.2(1)...
The vendor has assigned bug ID CSCut03495 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix.
___

Cisco ASA Software DHCPv6 Relay DoS Vuln
- http://tools.cisco.c...51021-asa-dhcp1
2015 Oct 21 v1.0 - "Summary: A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device.
Note: Only DHCPv6 packets directed to the Cisco ASA interface where the DHCPv6 relay is enabled can be used to trigger this vulnerability. This vulnerability affects systems configured in routed or transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered only by IPv6 traffic...
- http://www.securityt....com/id/1033912
CVE Reference: CVE-2015-6324
Oct 21 2015
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.2(1)...
The vendor has assigned bug IDs CSCus56252 and CSCus57142 to this vulnerability.
Impact: A remote user can cause the target device to reload.
Solution: The vendor has issued a fix.
___

- https://www.us-cert....ecurity-Updates
Oct 21, 2015
 

Edited by AplusWebMaster, 21 October 2015 - 08:16 PM.

[AplusWebMaster]

FYI...

Cisco Secure Access Control Server SQL Injection Vuln
- http://tools.cisco.c...sa-20151023-acs
2015 Oct 26 Rev. 1.0 - "Summary: A vulnerability in the Cisco Secure Access Control Server (ACS) interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033967
CVE Reference: CVE-2015-6345
Oct 27 2015
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.7(0.15) ...
The vendor has assigned bug ID CSCuw24700 to this vulnerability.
Impact: A remote authenticated user can execute SQL commands on the underlying database.
Solution: The vendor has issued a fix.
___

Cisco Secure Access Control Server Reflective Cross-Site Scripting Vuln
- http://tools.cisco.c...151023-acs_xss1
2015 Oct 26 Rev. 1.0 - "Summary: A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a reflective cross-site scripting (XSS) attack. The vulnerability is due to a lack of input validation on user-supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. A successful exploit could allow the attacker to affect the integrity of the system via database manipulation. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033968
CVE Reference: CVE-2015-6349
Oct 27 2015
The vendor has assigned bug ID CSCuw24705 to this vulnerability.
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Cisco Secure Access Control Server software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix.
___

Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vuln
- http://tools.cisco.c...0151023-acs_xss
2015 Oct 26 Rev. 1.0 - "Summary: A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client side, cross-site scripting (XSS) attack. The vulnerability is due to a lack of input validation on user-supplied data within the DOM input. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to effect the integrity of the system via database manipulation. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033969
CVE Reference: CVE-2015-6346
Oct 27 2015
The vendor has assigned bug ID CSCuw24710 to this vulnerability.
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Cisco Secure Access Control Server software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: No solution was available at the time of this entry.
___

Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vuln
- http://tools.cisco.c...51023-acs_rbac1
2015 Oct 26 Rev. 1.0 - "Summary: A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to view system administrator reports and status. The vulnerability is due to improper RBAC validation when a user accesses the report generation web interface. An attacker could exploit this vulnerability by authenticating as a non-privileged user and navigating to what should be a restricted web page. A successful exploit could allow the attacker to view confidential report and status information about the affected device, including IP addresses and usernames. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033970
CVE Reference: CVE-2015-6348
Oct 27 2015
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.7(0.15) ...
The vendor has assigned bug ID CSCuw24661 to this vulnerability.
Impact: A remote authenticated user can obtain potentially sensitive system administrator reports and status on the target system.
Solution: The vendor has issued a fix.
___

Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vuln
- http://tools.cisco.c...151023-acs_rbac
2015 Oct 26 Rev. 1.0 - "Summary: A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper RBAC validation when a new administrative dashboard or portlet is created. An attacker could exploit this vulnerability by authenticating as a non-privileged user and navigating to what should be a restricted web page. A successful exploit could allow the attacker to create a dashboard or portlet, which should not be allowed. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1033971
CVE Reference: CVE-2015-6347
Oct 27 2015
The vendor has assigned bug ID CSCuw24655 to this vulnerability.
Impact: A remote authenticated user can modify dashboard portlets on the target system.
Solution: The vendor has issued a fix.
___

Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vuln
- http://tools.cisco.c...sa-20151027-cas
2015 Oct 27 Rev. 1.0 - "Summary: A vulnerability in the web-based GUI of Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security could allow an authenticated, remote attacker to enumerate users and read user information without belonging to a role that allows those operations. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by sending an HTTP request to a specific URL. Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
- http://www.securityt....com/id/1034001
CVE Reference: CVE-2015-6344
Oct 28 2015
The vendor has assigned bug ID CSCuv74105 to this vulnerability.
Impact: A remote authenticated user can determine valid usernames and read user information on the target system.
Solution: No solution was available at the time of this entry.
 

Edited by AplusWebMaster, 28 October 2015 - 08:59 AM.

[AplusWebMaster]

FYI...

Cisco Unified Computing System Blade Server Information Disclosure Vuln
- http://tools.cisco.c...sa-20151102-ucs
2015 Nov 2 Rev. 1.0 - "Summary: A vulnerability in the web interface of the Cisco Unified Computing System (UCS) Blade Server could allow an unauthenticated, remote attacker to obtain information about the UCS software version. The vulnerability is due to the verbose output that is returned when a specific URL is submitted to an affected system. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow an attacker to obtain information from the UCS. The information could be used for reconnaissance attacks. Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability..."
- http://www.securityt....com/id/1034042
CVE Reference: CVE-2015-6355
Nov 3 2015
Vendor Confirmed:  Yes  
Version(s): 2.2(5b)A ...
The vendor has assigned bug ID CSCuw87226 to this vulnerability.
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: No solution was available at the time of this entry...
 

[AplusWebMaster]

FYI...

> http://tools.cisco.c...cationListing.x

Cisco Web Security Appliance Certificate Generation Command Injection Vuln
- http://tools.cisco.c...sa-20151104-wsa
2015 Nov 4 Rev. 1.0 - "Summary: A vulnerability in the certificate generation process in the admin web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system with root-level privileges. The vulnerability is due to the improper validation of parameters passed to the affected system scripts. An attacker could exploit this vulnerability by passing arbitrary commands as arguments to the affected fields of the web interface. An exploit could allow the attacker to run arbitrary commands on the underlying system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1034059
CVE Reference: CVE-2015-6298
Nov 4 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.0 and after...
The vendor has assigned bug ID CSCus83445 to this vulnerability.
Impact: A remote authenticated user can execute arbitrary commands on the target system with root privileges.
Solution: The vendor has issued a fix (8.0.8-113, 8.5.3-051, 8.7.0-171-LD, 8.8.0-085).
___

Cisco Email Security Appliance Email Scanner DoS Vuln
- http://tools.cisco.c...a-20151104-esa2
2015 Nov 4 Rev. 1.0 - "Summary: A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. The vulnerability is due to improper input validation when an email attachment contains corrupted fields and is filtered by the ESA. An attacker could exploit this vulnerability by sending a crafted email with an attachment to the ESA. A successful exploit could allow the attacker to cause a DoS condition. While the attachment is being filtered, memory is consumed at at high rate until the filtering process restarts. When the process restarts, it will resume processing the same malformed attachment and the DoS condition will continue. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
- http://www.securityt....com/id/1034064
CVE Reference: CVE-2015-6291
Nov 4 2015
The vendor has assigned bug ID CSCuv47151 to this vulnerability.
Impact: A remote user can consume excessive memory resources on the target device, causing the device to become unavailable.
Solution: The vendor has issued a fix (8.5.7-043, 9.1.1-023, 9.6.0-046).
___

Cisco Web Security Appliance Range Request DoS Vuln
- http://tools.cisco.c...a-20151104-wsa2
2015 Nov 4 Rev. 1.0 - "Summary: A vulnerability in the file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance because the appliance runs out of system memory. The vulnerability is due to a failure to free memory when a file range is requested through the Cisco WSA. An attacker could exploit this vulnerability by opening multiple connections that request file ranges through the WSA. A successful exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is used and not freed. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is also available...
- http://www.securityt....com/id/1034063
CVE Reference: CVE-2015-6293
Nov 4 2015
Version(s): 8.0 - 8.8
The vendor has assigned bug IDs CSCur39155 and CSCuu29304 to this vulnerability.
Impact: A remote user can consume all available system memory resources on the target device, preventing the device from passing traffic.
Solution: The vendor has issued a fix (8.0.8-113, 8.5.3-051, 8.7.0-171-LD, 8.8.0-085).
___

Cisco Mobility Services Engine Privilege Escalation Vuln
- http://tools.cisco.c...0151104-privmse
2015 Nov 4 Rev. 1.0 - "Summary: A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or virtual appliance install procedure. An attacker could exploit this vulnerability by logging into the device and escalating their privileges. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
- http://www.securityt....com/id/1034066
CVE Reference: CVE-2015-4282
Nov 4 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.0.120.7 ...
The vendor has assigned bug ID CSCuv40504 to this vulnerability.
Impact: A local user can obtain root privileges on the target system.
Solution: The vendor has issued a fix (after 8.0.120.7).

... more:
> https://www.us-cert....rity-Appliances
Nov 4, 2015
 

Edited by AplusWebMaster, 05 November 2015 - 07:02 AM.

[AplusWebMaster]

FYI...

> http://tools.cisco.c...cationListing.x

If there are -no- "Software Updates" -or- "Workarounds" in a Cisco advisory, they will NOT be posted here.

[Note: Apparent recent Cisco policy changes now seem to include multiple postings merely stating issues with no fix -and- no  workaround.]

Cisco FireSIGHT Management Center Certificate Validation Vuln
- http://tools.cisco.c...sa-20151116-fmc
2015 Nov 17 - v1.2 - "... Workarounds that mitigate this vulnerability are available..."
- http://www.securityt....com/id/1034161
CVE Reference: https://web.nvd.nist...d=CVE-2015-6357
Nov 16 2015
Impact: Execution of arbitrary code via network, Root access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 5.4.0, 5.4.0.1; possibly also 5.2.0 and 5.3.0...
Impact: A remote user that can conduct a man-in-the-middle attack can execute arbitrary code on the target system...

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vuln
- http://tools.cisco.c...a-20151008-pca1
2015 Nov 16 - v1.0 - "... Cisco released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."

Cisco IOS Software Virtual PPP Interfaces Security Bypass Vuln
- http://tools.cisco.c...a-20151112-ios1
2015 Nov 13 - v1.0 - "... Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."
- http://www.securityt....com/id/1034158
CVE Reference: https://web.nvd.nist...d=CVE-2015-6365
Nov 14 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 15.2(04)M, 15.4(03)M
The vendor has assigned bug ID CSCur61303 to this vulnerability.
Impact: A remote authenticated user can bypass virtual PPP access controls on the target system.
Solution: The vendor has issued a fix.

Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vuln
- http://tools.cisco.c...sa-20151112-vds
2015 Nov 13 - v1.0 - "... Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."
- http://www.securityt....com/id/1034159
CVE Reference: https://web.nvd.nist...d=CVE-2015-6364
Nov 14 2015
The vendor has assigned bug ID CSCuv86960 to this vulnerability.
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix.

Cisco ASA Software DNS DoS Vuln
- http://tools.cisco.c...151021-asa-dns2
2015 Nov 12 - v1.1 - "... Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
- http://www.securityt....com/id/1034156
CVE Reference: https://web.nvd.nist...d=CVE-2015-6326
Nov 14 2015
The vendor has assigned bug ID CSCuu07799 to this vulnerability.
Impact: A remote user can cause the target system to reload.
Solution: The vendor has issued a fix.

Cisco Mobility Services Engine Static Credential Vuln
- http://tools.cisco.c...151104-mse-cred
2015 Nov 4 - v1.0 - "...Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available..."

Cisco Mobility Services Engine Privilege Escalation Vuln
- http://tools.cisco.c...0151104-privmse
2015 Nov 4 - v1.0 - "... Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability..."
 

Edited by AplusWebMaster, 20 November 2015 - 07:36 AM.

[AplusWebMaster]

FYI...

> http://tools.cisco.c...igation.x?i=118

Cisco ASA Management Interface XML Parser DoS Vuln
- http://tools.cisco.c...sa-20151123-asa
Nov 24, 2015 Rev 1.0 - "Summary: A vulnerability in the XML parser of the management interface in Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause system instability and possibly crash an affected system. The vulnerability is due to insufficient hardening of the XML parser code. An attacker could exploit this vulnerability by triggering the affected component to perform a read operation of a crafted XML file. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability..."
- http://www.securityt....com/id/1034251
CVE Reference: CVE-2015-6379
Nov 25 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.4 ...
The vendor has assigned bug ID CSCut14223 to this vulnerability.
Impact: A remote authenticated user can cause the target system to become unstable or potentially crash.
Solution: The vendor has issued a fix...