332 replies to this topic

[AplusWebMaster]

FYI...

If there are -no- "Software Updates" -or- "Workarounds" in a Cisco advisory, they will NOT be posted here.
[Note: Apparent recent Cisco policy changes now seem to include multiple postings merely stating issues with no fix -and- no  workaround.]

Cisco Web Security Appliance Native FTP DoS Vuln
- http://tools.cisco.c...sa-20151130-wsa
2015 Dec 1 - v2.0 - "Summary: A vulnerability in the native passthrough FTP functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to high CPU utilization. The vulnerability occurs when the FTP client terminates the FTP control connection when the data transfer is complete. An attacker could exploit this vulnerability by initiating FTP connections through the WSA. An exploit could allow the attacker to cause high CPU utilization of the Cisco WSA proxy process, causing a partial DoS condition. The attacker's choice of FTP client and how that client closes the FTP control connection will affect the attacker's ability to exploit this vulnerability. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."
- http://www.securityt....com/id/1034276
CVE Reference: CVE-2015-6386
Dec 2 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.0.7-142, 8.5.1-021 ...
The vendor has assigned bug ID CSCut94150 to this vulnerability.
Impact: A remote user can consume excessive CPU resources on the target system.
Solution: The vendor has issued a fix...
___

Cisco ASR 1000 Series Root Shell License Bypass Vuln
- http://tools.cisco.c...sa-20151130-asa
2016 Nov 30 - v1.0 - "Summary: A vulnerability in the way software packages are loaded in Cisco IOS XE Software for the Cisco Aggregation Services Routers (ASR) 1000 Series could allow an authenticated, local attacker to gain restricted root shell access. The vulnerability is due to lack of proper input validation of file names at the command-line interface (CLI). An attacker could exploit this vulnerability by authenticating to the affected device and crafting specific file names for use when loading packages. An exploit could allow the authenticated attacker to bypass the license required for root shell access. If the authenticated user obtains the root shell access, further compromise is possible. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
- http://www.securityt....com/id/1034277
CVE Reference: CVE-2015-6383
Dec 2 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1000 Series; 15.4(3)S ...
The vendor has assigned bug ID CSCuv93130 to this vulnerability.
Impact: A local user can bypass license restrictions on the target system.
Solution: The vendor has issued a fix...
___

Cisco WebEx Meetings for Android Custom Permissions Vuln
- http://tools.cisco.c...sa-20151201-wmc
Dec 1, 2015 v1.0 - "Summary: A vulnerability in the custom application permissions handling for Cisco WebEx Meetings for Android could allow an unauthenticated, remote attacker to change platform-specific permissions of a custom application. The vulnerability is due to the way custom application permissions are assigned at initialization. An attacker could exploit this vulnerability by downloading a malicious Android application to the mobile device. An exploit could allow the attacker to utilize the custom application to silently acquire the same permissions as the WebEx application. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available..."
Cisco WebEx Meetings for Android versions prior to 8.5.1.
 

Edited by AplusWebMaster, 03 December 2015 - 12:16 PM.

[AplusWebMaster]

FYI...

> http://tools.cisco.c...cationListing.x
Bottom of page: "...Cisco Security Responses are published to address less severe problems that affect network security or issues that require a response to information posted to a public discussion forum. They are normally published if a third party makes a public statement about a Cisco product vulnerability that Cisco has previously addressed through our standard disclosure process or when the nature of the issue does not warrant the visibility of a Cisco Security Advisory."

Cisco IOS XE 3S Platforms Series root Shell License Bypass Vuln
- http://tools.cisco.c...0151130-iosxe3s
Last Updated: 2015 Dec 3 v2.1 - "Summary: A vulnerability in one of the diagnostic commands in the Cisco IOS XE operating system for Cisco IOS XE 3S platforms could allow an authenticated, privileged, local attacker to gain restricted root shell access. The root shell is provided for advanced troubleshooting with Cisco Technical Assistance Center (TAC) engineers and requires a license. The vulnerability occurs because the parameters to diagnostic commands at the command-line interface (CLI) are not properly validated. An attacker could exploit this vulnerability by authenticating to the affected device at privileged level 15 and providing crafted parameters to the diagnostic commands. An exploit could allow the authenticated, privileged attacker to bypass the license required for root shell access. If the authenticated user obtains root shell access, further compromise may be possible. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability..."
- http://www.securityt....com/id/1034296
CVE Reference: https://web.nvd.nist...d=CVE-2015-6383
Dec 5 2015
Impact: Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS XE 3S ...
The vendor has assigned bug ID CSCuv93130 to this vulnerability.
[Editor's note: The vendor previously released an advisory for Cisco ASR 1000 Series Routers describing a similar vulnerability and assigning the same Cisco Bug ID number and CVE number (see Alert ID 1034277). As of December 5, 2015, the previous advisory was no longer available on the vendor's web site.]
Impact: A local user can bypass license restrictions on the target system.
Solution: The vendor has issued a fix...
 

Edited by AplusWebMaster, 07 December 2015 - 10:05 AM.

[AplusWebMaster]

FYI...

> http://tools.cisco.c...cationListing.x

Cisco Prime Collaboration Assurance Default Account Credential Vuln
Critical
- http://tools.cisco.c...sa-20151209-pca
2015 Dec 9 v1.0 - "Summary: A vulnerability in Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to log in to the system shell with the default cmuser user account and access the shell with a limited set of permissions. The vulnerability is due to an undocumented account that has a default and static password. This account is created during installation and cannot be changed or deleted without impacting the functionality of the system. The first time this account is used the system will request that the user change the default password. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH by using the undocumented account. Successful exploitation could allow the attacker to access the system with the privileges of the cmuser user. This vulnerability allows the attacker to: access some sensitive data, such as the password file, system logs, and Cisco PCA database information; modify some data; run some internal executables; and potentially make the system unstable or inaccessible. Cisco has released software updates that address this vulnerability. Workarounds are available...
Vulnerable Products: Any product running a vulnerable version of Cisco Prime Collaboration Assurance Software is affected by this vulnerability. Cisco Prime Collaboration Assurance Software releases prior to 11.0 are vulnerable..."
___

Cisco Small Business RV Series / SA500 Series Dual WAN VPN Router Generated Key Pair Info Disclosure Vuln
- http://tools.cisco.c...a-20151210-dwvr
2015 Dec 10 v1.0 - "Summary: A vulnerability in the HTTPS session key exchange process of certain Cisco Small Business RV Series Routers and Cisco SA500 Series Security Appliances could allow an unauthenticated, remote attacker to obtain the key pair used in the Transport Layer Security (TLS) session from the affected device. The vulnerability is due to insufficient sources of entropy used by the random number generator. An attacker could exploit this vulnerability by gathering large amounts of TLS handshake data to predict the random numbers generated for the key pair. An exploit could allow the attacker to decrypt session data between a host and the affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
___

Cisco Emergency Responder Tools Menu Directory Traversal Vuln
- http://tools.cisco.c...sa-20151209-ert
2015 Dec 10 v1.0 - "Summary: A vulnerability in the Tools menu of Cisco Emergency Responder could allow an authenticated, remote attacker to put files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly sanitize user-supplied input that is provided to the Tools menu as part of a filename. An attacker could exploit this vulnerability by using directory traversal methods to supply a path to a desired file location. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
Vulnerable Products: Cisco Emergency Responder Release 10.5(1.10000.5) is vulnerable..."
- http://www.securityt....com/id/1034384
CVE Reference: CVE-2015-6406
Dec 10 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.5(1.10000.5) ...
The vendor has assigned bug ID CSCuv21781 to this vulnerability.
Impact: A remote authenticated user can upload arbitrary files to the target system.
Solution: The vendor has issued a fix...
___

Cisco Emergency Responder Web Framework Arbitrary File Upload Vuln
- http://tools.cisco.c...sa-20151209-erw
2015 Dec 10 v1.0 - "Summary: A vulnerability in the web framework of Cisco Emergency Responder (CER) could allow an unauthenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by sending a crafted request to the server. An exploit could allow the attacker to upload arbitrary files to arbitrary locations on an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
Vulnerable Products: Cisco Emergency Responder Release 10.5(3.10000.9) is vulnerable..."
- http://www.securityt....com/id/1034383
CVE Reference: CVE-2015-6407
Dec 10 2015
The vendor has assigned bug ID CSCuv25501 to this vulnerability.
Impact: arbitrary files to a restricted location on the target system.
Solution: The vendor has issued a fix...
___

Cisco Unified Computing System 6200 Series Fabric Interconnect Series Switch DoS Vuln
- http://tools.cisco.c...sa-20151210-ucs
2015 Dec 10 v1.0 - "Summary: A vulnerability in the SSH management interface of the Cisco Unified Computing System (UCS) 6200 Series Fabric Interconnect Series Switch could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because a fabric interconnect interface might not boot completely up or might have high CPU utilization. This would only happen if the attack occurred while a reload of the affected UCS switch was already in progress. The vulnerability is due to a lack of rate-limiting on incoming TCP connection requests for SSH, which is TCP port 22 during boot time. An attacker could exploit this vulnerability by sending a TCP SYN flood of packets to the SSH management interface of the device while a reload of the switch is in progress. An exploit could allow the attacker to create a DoS condition due to the Cisco UCS FI not proper properly booting up or having high CPU utilization. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Unified Computing System release 2.2(3f)A is vulnerable..."
- http://www.securityt....com/id/1034381
CVE Reference: CVE-2015-6415
Dec 10 2015
The vendor has assigned bug ID CSCuu81757 to this vulnerability.
Impact: A remote user can consume excessive CPU resources on the target system or prevent the target system from reloading.
Solution: The vendor has issued a fix...
___

Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vuln
- http://tools.cisco.c...sa-20151210-uim
2015 Dec 10 v1.0 - "Summary: A vulnerability in the web interface of Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by convincing a user to open a maliciously crafted URL. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager release 11.0(1) are vulnerable..."
- http://www.securityt....com/id/1034382
CVE Reference: CVE-2015-6416
Dec 10 2015
The vendor has assigned bug ID CSCuw24479 to this vulnerability.
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Cisco Unified Web Interaction Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix...
___

Multiple Cisco IP Phones Firmware Image Upload Vuln
- http://tools.cisco.c...sa-20151209-ipp
2015 Dec 9 v1.0 - "Summary: A vulnerability in the TFTP implementation of the Cisco Small Business SPA30X and SPA50X IP Phones could allow an unauthenticated, local attacker to load arbitrary firmware images onto the affected device. The vulnerability is due to insufficient file integrity checks of the firmware image. An attacker could exploit this vulnerability by gaining access to the local shell of the device and loading an arbitrary firmware image onto the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco SPA30X Series IP Phones, Cisco SPA50X Series IP Phones, and Cisco SPA51X Series IP Phones are vulnerable..."
___

Cisco Unified Communications Manager Mobile and Remote Access Services Identity Attack Vuln
- http://tools.cisco.c...sa-20151209-ucm
2015 Dec 9 v1.0 - "Summary: A vulnerability in edge devices of the Cisco Unified Communications Manager using Mobile and Remote Access (MRA) services could allow an unauthenticated, remote attacker to perform an identity theft attack. The vulnerability is due to improper identity validation of the edge devices. An attacker could exploit this vulnerability by spoofing a user's identity and taking ownership of the edge device. A successful exploit will allow the attacker to setup and receive voice calls acting as the registered user of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco Unified Communications Manager Mobile and Remote Access Edge Devices..."
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco FireSIGHT Management Center GET Request Information Disclosure Vuln
- http://tools.cisco.c...sa-20151211-fmc
2015 Dec 11 v1.0 - "Summary: A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to view sensitive information from the underlying operating system. The vulnerability is due to improper sanitation of user-supplied input. An attacker could exploit this vulnerability by sending special GET requests to a vulnerable device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability...
Vulnerable Products: Cisco FireSIGHT Management Center running FireSIGHT System Software releases 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 are vulnerable..."
___

Cisco Integrated Management Controller DoS Vuln
- http://tools.cisco.c...sa-20151211-imc
2015 Dec 11 v1.0 - "Summary: A vulnerability in Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to make the IMC IP interface inaccessible. The vulnerability is due to incomplete sanitization of input for certain parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the IMC. A successful exploit could allow the attacker to cause the IMC to become inaccessible via the IP interface, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are workarounds that mitigate this vulnerability...
Vulnerable Products: Cisco IMC releases prior to 2.0(9) are vulnerable..."
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Unified Communications Manager Web Applications Identity Management Subsystem DoS Vuln
- http://tools.cisco.c...-20151215-ucmim
2015 Dec 15 v1.0 - "Summary: A vulnerability in the Identity Management subsystem used by the WebApplications of Cisco Unified Communications Manager (Cisco UCM) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to invalid session requests. An attacker could exploit this vulnerability by sending invalid session tokens to the subsystem of an affected system. A successful exploit could allow the attacker to cause a DoS condition for a specific application. The affected subsystem would need to be restarted. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco Unified Communications Manager version 10.5(0.98000.88) is vulnerable...
- http://www.securityt....com/id/1034431
CVE Reference: CVE-2015-6425
Dec 16 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.5(0.98000.88) ...
The vendor has assigned bug ID CSCul83786 to this vulnerability.
Impact: A remote user can cause denial of service conditions on the target subsystem. The subsystem must be restarted to return to normal operations.
Solution: The vendor has issued a fix...
___

Cisco IOS XE Software IPv6 Neighbor Discovery DoS Vuln
- http://tools.cisco.c...sa-20151214-ios
Last Updated: 2015 Dec 15 v1.1 - "Summary: A vulnerability in the IPv6 neighbor discovery (ND) handling of Cisco IOS XE Software on ASR platforms could allow an unauthenticated, adjacent attacker to cause an affected device to crash. The vulnerability is due to insufficient bounds on internal tables. An attacker could exploit this vulnerability by flooding an adjacent IOS XE device with specific ND messages. An exploit could allow the attacker to deplete the available memory, possibly causing an affected device to crash. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available...
Vulnerable Products: Cisco IOS XE Software Releases prior to 15.5(2)S2 (3.15.2S) and 15.5(3)S1 (3.16.1S) are vulnerable...
- http://www.securityt....com/id/1034432
CVE Reference: CVE-2015-6359
Dec 16 2015
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS XE; prior to versions 15.5(2)S2 (3.15.2S) and 15.5(3)S1 (3.16.1S)...
The vendor has assigned bug ID CSCup28217 to this vulnerability.
Impact: A remote user on the local network can cause the target device to crash.
Solution: The vendor has issued a fix (15.5(2)S2 (3.15.2S), 15.5(3)S1 (3.16.1S))...
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vuln
- http://tools.cisco.c...0151217-gateway
2015 Dec 17 v1.0 - "Summary: A vulnerability in the HTTP server on the Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with Embedded Digital Voice Adapter (EDVA) could allow an unauthenticated, remote attacker to access sensitive information located on the device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to access sensitive information from the device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available...
Vulnerable Products: Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA version r1 is vulnerable...
- http://www.securityt....com/id/1034487
CVE Reference: CVE-2015-6428
Dec 18 2015
Version(s): Model DPQ3925; EDVA version r1
The vendor has assigned bug ID CSCuv03958 to this vulnerability.
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix.
___

Cisco Application Policy Infrastructure Controller Insecure Credentials Vuln
- http://tools.cisco.c...a-20151216-apic
2015 Dec 16 v1.0 - "Summary: A vulnerability in the boot process of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to access the APIC as the root user. The vulnerability is due to improper implementation of access controls in the APIC system. An attacker could exploit this vulnerability by accessing the boot manager of the APIC. An exploit could allow the attacker to access the APIC as the root user and perform root-level commands in single-user mode. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco APIC release 1.1(0.920a) is vulnerable...
- http://www.securityt....com/id/1034468
CVE Reference: CVE-2015-6424
Dec 17 2015
The vendor has assigned bug ID CSCuu83985 to this vulnerability.
Impact: A local user can obtain root privileges on the target system.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco IOS XE Software Packet Processing DoS Vuln
- http://tools.cisco.c...2015-1221-iosxe
2015 Dec 21 v1.0 - "Summary: Cisco IOS XE Software Release 16.1.1 contains a vulnerability that could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this vulnerability by sending a frame that has a source MAC address of all zeros to an affected device. A successful exploit could allow the attacker to cause the device to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
Vulnerable Products: Cisco IOS XE Software Release 16.1.1 is vulnerable...
- http://www.securityt....com/id/1034514
CVE Reference: https://web.nvd.nist...d=CVE-2015-6431
Dec 22 2015
The vendor has assigned bug ID CSCux48405 to this vulnerability.
Impact: A remote user on the local network can cause the target device to reload.
Solution: The vendor has issued a fix...
___

Cisco IOS and IOS XE Software IKEv1 State Machine DoS Vuln
- http://tools.cisco.c...sa-20151218-ios
2015 Dec 16 v1.0 - "Summary: A vulnerability in the Internet Key Exchange (IKEv1) state machine of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to tear down valid IPsec connections, resulting in a partial denial of service (DoS) condition. The vulnerability is due to insufficient condition checks in the IKEv1 state machine. An attacker could exploit this vulnerability by sending a spoofed, specific IKEv1 packet to an endpoint of an IPsec tunnel. A successful exploit could allow the attacker to tear down IPsec tunnels that terminate on the endpoint, causing a partial DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
Vulnerable Products: Cisco IOS and Cisco IOS XE Software Releases prior to 15.5(2)S2 (3.15.2S), 15.5(2)T2, 15.5(3)M1, 15.5(3)S1 (3.16.1S), 15.6(1)S (3.17.1S), and 15.6(1)T are vulnerable...
- http://www.securityt....com/id/1034505
CVE Reference: https://web.nvd.nist...d=CVE-2015-6429
Dec 18 2015
The vendor has assigned bug ID CSCuw08236 to this vulnerability.
Impact: A remote user can cause the target IPsec tunnel to be torn down.
Solution: The vendor has issued a fix (15.5(2)S2 (3.15.2S), 15.5(2)T2, 15.5(3)M1, 15.5(3)S1 (3.16.1S), 15.6(1)S (3.17.1S), 15.6(1)T)...
 

Edited by AplusWebMaster, 23 December 2015 - 05:59 AM.

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco IOS XR Software OSPF Link State Ad PCE Vuln
- http://tools.cisco.c...-20160104-iosxr
2016 Jan 4 Rev 1.0 - "Summary: A vulnerability in Open Shortest Path First (OSPF) Link State Advertisement (LSA) handling by Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the number of OSPF Path Computation Elements (PCEs) that are configured for an OSPF LSA opaque area update. An attacker could exploit this vulnerability by sending a crafted OSPF LSA update to an affected device that is running the vulnerable software and OSPF configuration. A successful exploit could allow the attacker to cause a DoS condition due to the OSPF process restarting when the crafted OSPF LSA update is received. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available...
Vulnerable Products: Cisco IOS XR Software Releases 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 are vulnerable...
- http://www.securityt....com/id/1034570
CVE Reference: https://web.nvd.nist...d=CVE-2015-6432
Jan 5 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, 5.3.2 ...
The vendor has assigned bug ID CSCuw83486 to this vulnerability.
Impact: A remote user can cause the target OSPF process to crash.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Unified Communications Manager SQL Injection Vuln
- http://tools.cisco.c...a-20160105-cucm
2016 Jan 5 V 1.0 - "Summary: A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a blind SQL injection attack on a specific page. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco Unified Communications Manager release 11.0(0.98000.225) is vulnerable...
- http://www.securityt....com/id/1034583
CVE Reference: https://cve.mitre.or...e=CVE-2015-6433
Jan 5 2016
The vendor has assigned bug ID CSCut66767 to this vulnerability.
Impact: A remote authenticated user can execute SQL commands on the underlying database.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

UCSC Series Default Password for Units Shipped Nov 17, 2015 through Jan 6, 2016 is Incorrect
- Alternate Password Enclosed
- http://www.cisco.com...40/fn64093.html
Updated: Jan 11, 2016
"Problem Description: A number of C-Series servers have shipped to customers with a non-standard default password which prevents access to the Cisco Integrated Management Controller (CIMC) unless the configured password is provided.
Background: Systems manufactured between November 17, 2015 and January 6, 2016 were produced with a different default password.
Problem Symptoms: Customers might not be able to log in to their C-Series servers with the published default admin password "password" since this has been changed to "Cisco1234" for these systems. Customers should access the CIMC interface with this combination "admin":"Cisco1234" and set the password back to the default or a customer-desired-password.
Workaround/Solution... (see cisco URL at the top of this post for more info.)..."
___

Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vuln
- http://tools.cisco.c...sa-20160111-asa
2016 Jan 11 v1.0 - "Summary: A vulnerability in the Distributed Computing Environment/Remote Procedure Calls (DCERPC) Inspection feature of the Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to send traffic that is not DCERPC between hosts configured only for DCERPC inspection. The DCERPC traffic should be allowed only on TCP port 135. The vulnerability is due to an internal access control list (ACL), which is used to allow DCERPC traffic but is incorrectly programmed to allow all traffic types and not restricted to DCERPC TCP port 135. An attacker could exploit this vulnerability by sending non-DCERPC traffic between hosts configured for DCERPC inspection that would normally be dropped. An exploit could allow the attacker to access hosts that should normally be restricted through the ASA. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco ASA Software releases 9.4.1 up to 9.5.1 are vulnerable..."
- http://www.securityt....com/id/1034644
CVE Reference: CVE-2015-6423
Jan 12 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.4.1 up to 9.5.1 ...
The vendor has assigned bug ID CSCuu67782 to this vulnerability.
Impact: A remote authenticated user can send arbitrary protocol traffic on arbitrary ports between hosts configured only for DCERPC inspection.
Solution: The vendor has issued a fix...
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Identity Services Engine Unauthorized Access Vuln
- http://tools.cisco.c...sa-20160113-ise
2016 Jan 13 v1.0 Critical - "Summary: A vulnerability in the Admin portal of devices running Cisco Identity Services Engine (ISE) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. An attacker who can connect to the Admin portal of an affected device could potentially exploit this vulnerability. A successful exploit may result in a complete compromise of the affected device. Customers are advised to apply a patch or upgrade to a version of Cisco ISE software that resolves this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this  vulnerability.
Affected Products: Cisco ISE devices running software versions 1.1 or later, 1.2.0 prior to patch 17, 1.2.1 prior to patch 8, 1.3 prior to patch 5, or 1.4 prior to patch 4 are vulnerable. To determine which version of the software is currently running on a device, administrators may use the show version command in the device command-line interface (CLI) or click on the hostname in the upper-right corner of the Admin portal...
- http://www.securityt....com/id/1034666
CVE Reference: CVE-2015-6323
Jan 13 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
The vendor has assigned bug ID CSCuw34253 to this vulnerability.
Impact: A remote user can gain access to the target system.
Solution: The vendor has issued a fix (1.2.0 Patch 17, 1.2.1 Patch 8, 1.3 Patch 5, 1.4 Patch 4)...
___

Cisco Wireless LAN Controller Unauthorized Access Vuln
- http://tools.cisco.c...sa-20160113-wlc
2016 Jan 13 v1.0 Critical - "Summary: Devices running Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device. An attacker who can connect to an affected device could exploit this vulnerability. A successful exploit may compromise the device completely. Customers are advised to upgrade to a version of Cisco WLC software that addresses this vulnerability. There are no workarounds that address this vulnerability. Cisco has released software updates that address this vulnerability...
Vulnerable Products: For information about specific software versions that are affected by this vulnerability, see the "Fixed Software" section of this advisory. This vulnerability affects the following standalone controllers when they are running an affected version of Cisco WLC software:
- Cisco 2500 Series Wireless Controllers
- Cisco 5500 Series Wireless Controllers
- Cisco 8500 Series ...
- http://www.securityt....com/id/1034665
CVE Reference: CVE-2015-6314
Jan 13 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.6.120.0, 8.0, 8.1
The vendor has assigned bug ID CSCuw06153 to this vulnerability.
Impact: A remote user can modify the configuration.
Solution: The vendor has issued a fix (8.0.121.0, 8.1.131.0)...
___

Cisco Aironet 1800 Series Access Point DoS Vuln
- http://tools.cisco.c...0160113-aironet
2016 Jan 13 v1.0 - "Summary: A vulnerability in the IP ingress packet handler of Cisco Aironet 1800 Series Access Point devices could allow an unauthenticated, remote attacker to cause a complete denial of service (DoS) condition. The vulnerability is due to improper input validation of IP packet headers. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. An successful exploit could allow the attacker to cause the device to reload unexpectedly. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
Vulnerable Products: The following Cisco products are vulnerable:
- Cisco Aironet 1830e Series Access Point
- Cisco Aironet 1830i Series Access Point
- Cisco Aironet 1850e Series Access Point
- Cisco Aironet 1850i Series Access Point ...
- http://www.securityt....com/id/1034668
CVE Reference: CVE-2015-6320
Jan 13 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
The vendor has assigned bug ID CSCuv63138 to this vulnerability.
Impact: A remote user can cause the target device to reload.
Solution: The vendor has issued a fix (8.1.131.0)...
___

Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vuln
- http://tools.cisco.c...sa-20160113-air
2016 Jan 13 v1.0 - "Summary: A vulnerability in Cisco Aironet 1800 Series Access Point devices could allow an unauthenticated, remote attacker to log in to the device by using a default account that has a static password. By default, the account does not have full administrative privileges. The vulnerability is due to the presence of a default user account that is created when the device is installed. An attacker could exploit this vulnerability by logging in to the device by using the default account, which could allow the attacker to gain unauthorized access to the device. Cisco released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
Vulnerable Products: The following Cisco products are vulnerable:
- Cisco Aironet 1830e Series Access Point
- Cisco Aironet 1830i Series Access Point
- Cisco Aironet 1850e Series Access Point
- Cisco Aironet 1850i Series Access Point ...
- http://www.securityt....com/id/1034667
CVE Reference: CVE-2015-6336
Jan 13 2016
The vendor has assigned bug ID CSCuw58062 to this vulnerability.
Impact: A remote user can gain access to the target system.
___

- https://www.us-cert....ecurity-Updates
Jan 13, 2016
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Adaptive Security Appliance Information Disclosure Vuln
- http://tools.cisco.c...sa-20160115-asa
2016 Jan 15 v1.0 - "Summary: A vulnerability in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional attacks. The vulnerability occurs because the Cisco ASA does not sufficiently protect sensitive data during a Cisco AnyConnect client authentication attempt. An attacker could exploit the vulnerability by attempting to authenticate to the Cisco ASA with AnyConnect. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available...
Vulnerable Products: Cisco ASA running Cisco ASA Software release 8.4 is vulnerable...
- http://www.securityt....com/id/1034691
CVE Reference: CVE-2016-1295
Jan 18 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.4
The vendor has assigned bug ID CSCuo65775 to this vulnerability.
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix...
___

Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vuln
- http://tools.cisco.c...60115-FireSIGHT
2016 Jan 15 v1.0 - "Summary: Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface. The vulnerabilities are due to improper sanitization of parameter values. An attacker could exploit these vulnerabilities by injecting malicious code into an affected parameter and persuading a user to access a web page that requires reading or executing the parameter. Cisco released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities...
Vulnerable Products: Cisco FireSIGHT Management Center running on Cisco FireSIGHT System Software Releases 6.0.0 and 6.0.1 are vulnerable...
- http://www.securityt....com/id/1034689
CVE Reference: CVE-2016-1293
Jan 18 2016
The vendor has assigned bug IDs CSCuw89080, CSCuw89129, CSCux40414, CSCux40464, CSCux40508, CSCux40619, CSCux40639, CSCux40654, CSCux40714, and CSCux40731 to this vulnerability.
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Cisco FireSIGHT software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user...
 

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vuln
- http://tools.cisco.c...a-20160120-ucsm
2016 Jan 21 v1.1 Critical - "Summary: A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is due to unprotected calling of shell commands in the CGI script. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. An exploit could allow the attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. Cisco has released software updates that address this vulnerability...
Vulnerable Products: All versions of Cisco UCS Manager prior to the first fixed release as indicated in the "Fixed Software" section of this advisory are affected.
FX-OS for Firepower 9000 Series prior to version 1.1.2 is affected.
Administrators can check the version of Cisco UCS Manager software by logging in to the management GUI. The UCS Manager version number is listed in the Version field in the pop-up after clicking the Information icon.
Administrators can check the version of FX-OS software running on their Cisco Firepower 9000 Series chassis by logging in to the management GUI. The FX-OS version number is listed in the Version field at the top of the Overview..."
- http://www.securityt....com/id/1034743
CVE Reference: CVE-2015-6435
Jan 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 2.2(4b), 2.2(5a), 3.0(2e)
The vendor has assigned bug IDs CSCur90888 and CSCux10615 to this vulnerability.
Impact: A remote user can execute arbitrary commands on the target system.
Solution: The vendor has issued a fix (2.2(4b), 2.2(5a), 3.0(2e))...
___

Cisco Modular Encoding Platform D9036 Software Default Credentials Vuln
- http://tools.cisco.c...-20160120-d9036
2016 Jan 20 v1.0 Critical - "Summary: A vulnerability in Cisco Modular Encoding Platform D9036 Software could allow an unauthenticated, remote attacker to log in to the system shell with the privileges of the root user. The vulnerability occurs because the root user has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. Successful exploitation could allow the attacker to access the system with the privileges of the root user. In addition to the root user, the guest user account also has a default and static password. The guest account is created at installation and cannot be changed or deleted without impacting the functionality of the system. However, this account has limited privileges on the system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
Vulnerable Products: This vulnerability affects any products running Cisco Modular Encoding Platform D9036 Software prior to release version 02.04.70..."
___

Cisco Identity Services Engine Unauthorized Access Vuln
- http://tools.cisco.c...a-20160113-ise2
2016 Jan 19 v1.1 - "Summary: Cisco Identity Services Engine versions prior to 2.0 contain a vulnerability that could allow a low-privileged authenticated, remote attacker to access specific web resources that are designed to be accessed only by higher-privileged administrative users. The vulnerability occurs because specific types of web resources are not correctly filtered for administrative users with different privileges. An attacker could exploit this vulnerability by authenticating at a low-privileged account and then accessing the web resources directly. An exploit could allow the attacker to access web pages that are reserved for higher-privileged administrative users. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address this vulnerability.
Vulnerable Products: Cisco Identity Services Engine versions prior to 2.0 are vulnerable..."
- http://www.securityt....com/id/1034767
CVE Reference: CVE-2015-6317
Jan 21 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.0 ...
The vendor has assigned bug ID CSCuu45926 to this vulnerability.
Impact: A remote authenticated user with low privileges can access web resources that otherwise require higher administrative privileges to access.
Solution: The vendor has issued a fix (2.0)...
___

Cisco Web Security Appliance Security Bypass Vuln
- http://tools.cisco.c...sa-20160119-wsa
2016 Jan 19 v1.0 - "Summary: A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an improper HTTP method. A successful exploit could allow the attacker to circumvent WSA functionality that prevents proxied network traffic. Cisco released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability...
Vulnerable Products: Cisco Web Security Appliance (WSA) versions 8.5.3-055, 9.1.0-000, and 9.5.0-235 are vulnerable..."
- http://www.securityt....com/id/1034763
CVE Reference: CVE-2016-1296
Jan 21 2016
Version(s): 8.5.3-055, 9.1.0-000, 9.5.0-235 ..
The vendor has assigned bug IDs CSCuw32090 and CSCux00848 to this vulnerability.
Impact: A remote user can bypass proxy security restrictions on the target system...
 

[AplusWebMaster]

FYI...

> http://tools.cisco.c...cationListing.x

Cisco RV220W Management Authentication Bypass Vuln
- http://tools.cisco.c...-20160127-rv220
2016 Jan 27 v1.0 Critical - "Summary: A vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices could allow an unauthenticated, remote attacker to bypass authentication and gain administrative privileges on a targeted device. The vulnerability is due to insufficient input validation of HTTP request headers that are sent to the web-based management interface of an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the management interface of a targeted device. Depending on whether remote management is configured for the device, the management interface may use the SQL code in the HTTP request header to determine user privileges for the device. A successful exploit could allow the attacker to bypass authentication on the management interface and gain administrative privileges on the device. Cisco released a -firmware- update that addresses this vulnerability. There are workarounds that address this vulnerability...
Vulnerable Products: Cisco RV220W Wireless Network Security Firewall devices running firmware releases prior to 1.0.7.2 are affected by this vulnerability...
- http://www.securityt....com/id/1034830
CVE Reference: CVE-2015-6319
Jan 27 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Model RV220W; firmware prior to 1.0.7.2 ...
The vendor has assigned bug ID CSCuv29574 to this vulnerability...
Impact: A remote user can gain administrative access to the target system.
Solution: The vendor has issued a fix (1.0.7.2).
___

Cisco Wide Area Application Svc CIFS DoS Vuln
- http://tools.cisco.c...160127-waascifs
2016 Jan 27 v1.0 High - "Summary: A vulnerability in the Common Internet File System (CIFS) optimization feature of the Cisco Wide Area Application Service (WAAS) device could allow an unauthenticated, remote attacker to perform a resource consumption attack which, could result in a complete denial of service (DoS) condition. The vulnerability is due to insufficient flow handling of incoming CIFS traffic. An attacker could exploit this vulnerability by sending malicious traffic designed to trigger the vulnerability. An exploit could allow the attacker to cause a DoS condition by exhausting system buffering resources, resulting in a reload of the affected device...
Vulnerable Products: The following Cisco WAAS products are affected by this vulnerability:
    Cisco WAAS appliances
    Cisco Virtual WAAS (vWAAS)
    Cisco WAAS modules
The vulnerability was introduced in WAAS version 5.1.1d. Administrators can use the show version command from the WAAS command-line interface (CLI) to determine whether a vulnerable version of Cisco WAAS Software is running...
Indicators of Compromise: Exploitation of this vulnerability could cause an affected device to reload and generate a core file. To view the core file, administrators can use the dir crash command in the WAAS CLI. To determine whether a device was affected by this vulnerability, the core file should be reviewed by the Cisco Technical Assistance Center (TAC)...
- http://www.securityt....com/id/1034831
CVE Reference: CVE-2015-6421
Jan 27 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.1.1d and later ...
The vendor has assigned bug ID CSCus85330 to this vulnerability.
Impact: A remote user can cause the target device to reload.
Solution: The vendor has issued a fix (5.3.5d)...
 

Edited by AplusWebMaster, 28 January 2016 - 07:47 AM.

[AplusWebMaster]

FYI...

- http://tools.cisco.c...cationListing.x

Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vuln
- http://tools.cisco.c...0160201-apic-em
2016 Feb 1 v1.0 - "Summary: A vulnerability in the web framework of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient sanitization of HTML entities returned to the end user. An attacker could exploit this vulnerability by convincing a user to access a malicious link. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available...
Vulnerable Products: Application Policy Infrastructure Controller Enterprise Module (APIC-EM) release 1.1 is vulnerable...
- http://www.securityt....com/id/1034902
CVE Reference: CVE-2016-1305
Feb 2 2016
The vendor has assigned bug ID CSCux15511 to this vulnerability.
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Cisco Application Policy Infrastructure Controller software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix...