Cisco advisories/updates


332 replies to this topic

#76 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 01 November 2011 - 07:24 AM

FYI...

Cisco Nexus OS vuln
- http://securitytracker.com/id/1026254
Date: Oct 28 2011
CVE Reference: http://web.nvd.nist....d=CVE-2011-2569
Impact: Root access via local system, User access via local system
Fix Available: Yes - Vendor Confirmed: Yes
Description: A vulnerability was reported in Cisco NX-OS. A local user can obtain elevated privileges on the target system...
The vendor's advisory is available at:
> http://tools.cisco.c...x?alertId=24458

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#77 AplusWebMaster

Posted 02 November 2011 - 05:20 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco SRP500 series (Small Business) bug lets remote users inject commands
- http://www.securityt....com/id/1026266
CVE Reference: http://web.nvd.nist....d=CVE-2011-4005
Date: Nov 2 2011
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes | Vendor Confirmed: Yes
Version(s): 520 Series ...
... vendor's advisory is available at:
- http://tools.cisco.c...20111102-srp500
2011 November 2 - "Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available..."
IPS Signatures:
- http://tools.cisco.c...gnatureId=40046
Alarm Severity: High
CVE: CVE-2011-4005
IntelliShield Alerts:
- http://tools.cisco.c...x?alertId=24495
CVE: CVE-2011-4005
CVSS Score: 9.3/7.7
___

- https://secunia.com/advisories/46664/
Release Date: 2011-11-03
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
CVE Reference: http://web.nvd.nist....d=CVE-2011-4005
... vulnerability is reported in the following products and versions:
* Cisco SRP521W versions prior to 1.1.24.
* Cisco SRP526W versions prior to 1.1.24.
* Cisco SRP527W versions prior to 1.1.24.
* Cisco SRP541W versions prior to 1.2.1.
* Cisco SRP546W versions prior to 1.2.1.
* Cisco SRP547W versions prior to 1.2.1.
Solution: Update to version 1.1.24 or 1.2.1.

Edited by AplusWebMaster, 03 November 2011 - 07:31 AM.


#78 AplusWebMaster

Posted 10 November 2011 - 05:42 AM

FYI...

Cisco TelePresence - C Series EX Series - vuln/workaround
- http://tools.cisco.c...nce-c-ex-series
2011 November 9 - "... Due to a manufacturing error, Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices that were distributed between November 18th, 2010 and September 19th, 2011 may have the root account enabled. Information on how to identify affected devices is available in the Details section of this advisory. Information on how to remediate this issue is available in the Workarounds section of this advisory..."

- http://www.securityt....com/id/1026308
Date: Nov 9 2011
Impact: Root access via network
Version(s): TC4.0, TC4.1, TC4.2; distributed between November 18, 2010 and September 19, 2011
Impact: A remote user can gain root administrative access.
Solution: The vendor has issued a fix.
vendor's advisory is available at:
- http://tools.cisco.c...nce-c-ex-series

- https://secunia.com/advisories/46778/
Release Date: 2011-11-10
Criticality level: Moderately critical
Impact: System access
Where: From local network.
Solution Status: Vendor Workaround
... reported in versions TC 4.0, TC 4.1, and TC 4.2 in the following products:
* Cisco TelePresence System Integrator C Series
* Cisco TelePresence EX Series
* Cisco TelePresence Quick Set
Solution: Disable the root account (please see the vendor's advisory for more information)...



#79 AplusWebMaster

Posted 19 January 2012 - 04:48 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco IP Video - updates released
- http://www.securityt....com/id/1026539
CVE Reference: CVE-2011-4659
Date: Jan 18 2012
Impact: Root access via network
Version(s): E20 Phone; TelePresence Software version TE 4.1.0
Impact: A remote user can obtain root access on the target system.
Solution: The vendor has issued a fix (TE 4.1.1).
The vendor's advisory is available at:
http://tools.cisco.c...-sa-20120118-te
Summary: Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device...

Cisco Digital Media Manager - updates released
- http://www.securityt....com/id/1026541
CVE Reference: CVE-2012-0329
Date: Jan 18 2012
Impact: User access via network
Version(s): 5.2.2 and prior versions; 5.2.3
Impact: A remote authenticated user can gain administrative privileges on the target system.
Solution: The vendor has issued a fix (5.2.2.1, 5.3 DMM523_PATCH-A.iso).
The vendor's advisory is available at:
http://tools.cisco.c...sa-20120118-dmm
Summary: Cisco Digital Media Manager contains a vulnerability that may allow a remote, authenticated attacker to elevate privileges and obtain full access to the affected system...
___

Cisco WPS vuln Response
- http://tools.cisco.c...11-wps#Response
2012-January-18 - Rev 2.0 - Updated information for the WRP400.

Edited by AplusWebMaster, 19 January 2012 - 06:06 AM.


#80 AplusWebMaster

Posted 27 January 2012 - 06:17 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco IronPort appliances Telnet Remote Code Execution vuln...
- https://secunia.com/advisories/47720/
Release Date: 2012-01-27
Criticality level: Moderately critical
Impact: System access
Where: From local network
CVE Reference: http://web.nvd.nist....d=CVE-2011-4862 - 10.0 (HIGH)
Solution Status: Vendor Workaround
... vulnerability is reported in the following products:
* Cisco IronPort Email Security Appliance (C-Series and X-Series) versions prior to 7.6.0.
* Cisco IronPort Security Management Appliance (M-Series) versions prior to 7.8.0.
Solution: Disable the telnet service or update to a fixed version when available - see the vendor's advisory...
Original Advisory: Cisco (cisco-sa-20120126-ironport):
http://tools.cisco.c...120126-ironport
2012 January 26 - "... Cisco Ironport has not yet released software updates that address this vulnerability..."
___

- https://isc.sans.edu...l?storyid=12472
Last Updated: 2012-01-27 09:52:03 UTC - "... To mitigate the risk... switch off telnet on the device and use SSH to manage it instead..."

- https://secure.wikim...Telnet#Security

Edited by AplusWebMaster, 27 January 2012 - 03:09 PM.


#81 AplusWebMaster

Posted 17 February 2012 - 06:21 AM

FYI...

Cisco NX-OS malformed IP Packet DoS vuln...
- http://tools.cisco.c...a-20120215-nxos
2012 Feb 15 - Summary: "Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series Switches that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet. Cisco has released free software updates that address this vulnerability..."
- http://web.nvd.nist....d=CVE-2012-0352
Last revised: 02/16/2012

- https://www.us-cert...._advisory_for29
Feb 15, 2012

Edited by AplusWebMaster, 17 February 2012 - 08:08 AM.


#82 AplusWebMaster

Posted 21 February 2012 - 03:15 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco NX-OS Malformed IP Packet Denial of Service Vuln
- http://tools.cisco.c...a-20120215-nxos
2012-Feb-17 - Revision 1.1 - Added 4.x releases for Nexus 1000v Series Switches as vulnerable.

Cisco IOS Software Smart Install Remote Code Execution Vuln
- http://tools.cisco.c...8-smart-install
2012-Feb-17 - Revision 1.5 - Updated information in Cisco IOS Software table for Cisco IOS 12.2SXH.

Cisco 10000 Series Denial of Service Vuln
- http://tools.cisco.c...a-20110928-c10k
2012-Feb-17 - Revision 1.3 - Updated information in Cisco IOS Software table for Cisco IOS 12.2SXH.

Cisco IOS Software Network Address Translation Vuln
- http://tools.cisco.c...sa-20110928-nat
2012-Feb-17 - Revision 1.3 - Updated information in Cisco IOS Software table for Cisco IOS 12.2SXH.



#83 AplusWebMaster

Posted 24 February 2012 - 02:18 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco SMB SRP 500 multiple vulns
- http://tools.cisco.c...20120223-srp500
2012 Feb 23
Cisco Small Business (SRP 500) Series Services Ready Platforms contain the following three vulnerabilities:
Cisco SRP 500 Series Web Interface Command Injection Vulnerability
Cisco SRP 500 Series Unauthenticated Configuration Upload Vulnerability
Cisco SRP 500 Series Directory Traversal Vulnerability
These vulnerabilities can be exploited using sessions to the Services Ready Platform Configuration Utility web interface. These vulnerabilities could be exploited from the local LAN side of the SRP device by default configuration and the WAN side of the SRP device if remote management is enabled. Remote management is disabled by default.
Cisco has released free software updates that address these vulnerabilities...
Workarounds:
• Disable Remote Management
Caution: Do not disable remote management if administrators manage devices using the WAN connection. This action will result in a loss of management connectivity to the device. Remote Management is disabled by default. If it is enabled, administrators can disable this feature by choosing Administration > Web Access Management. Change the setting for the Remote Management field to Disabled. Disabling remote management limits exposure because the vulnerability can then be exploited from the inter-LAN network only.
• Limit Remote Management Access to Specific IP Addresses...
___

- https://secunia.com/advisories/48129/
Release Date: 2012-02-24
Criticality level: Moderately critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to version 1.1.26 or 1.2.4.
Original Advisory:
http://tools.cisco.c...20120223-srp500

- http://www.securityt....com/id/1026736
Date: Feb 23 2012
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-0363 - 9.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0364 - 7.8 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0365 - 9.0 (HIGH)
Last revised: 02/29/2012
Impact: Execution of arbitrary code via network, Modification of system information, Root access via network
... affected when running firmware prior to version 1.1.26:
* Cisco SRP 521W, SRP 526W, SRP 527W
... affected when running firmware prior to version 1.2.4:
* Cisco SRP 521W-U, SRP 526W-U, 527W-U, 541W, 546W, 547W ...

Edited by AplusWebMaster, 29 February 2012 - 10:37 PM.


#84 AplusWebMaster

Posted 29 February 2012 - 05:18 PM

FYI...

- http://tools.cisco.c...licationListing

Cisco Wireless LAN Controllers - multiple vulns
- http://tools.cisco.c...sa-20120229-wlc
Last Updated: 2012 March 1
Cisco Cius DoS vuln
- http://tools.cisco.c...a-20120229-cius
Feb 29, 2012
Cisco UCM Skinny Client Control Protocol vuln
- http://tools.cisco.c...a-20120229-cucm
Feb 29, 2012
Cisco Unity Connection - multiple vulns
- http://tools.cisco.c...sa-20120229-cuc
Feb 29, 2012
Cisco TelePresence Video Communication Svr Session Initiation Protocol DoS vulns
- http://tools.cisco.c...sa-20120229-vcs
Feb 29, 2012
___

- https://www.us-cert....ity_advisories5
Feb 29, 2012

- https://secunia.com/advisories/48176/ - Cisco Cius
- https://secunia.com/advisories/48232/ - Cisco Wireless LAN Controllers
- https://secunia.com/advisories/48231/ - Cisco Unified Communications Manager
- https://secunia.com/advisories/48218/ - Cisco Unified Communications Manager
- https://secunia.com/advisories/48004/ - Cisco Unity Connection DoS vuln
- https://secunia.com/advisories/48215/ - Cisco Unity Connection Sec Bypass + DoS vuln
- https://secunia.com/advisories/48234/ - Cisco TelePresence Video Comm Svr DoS vuln

- http://www.securityt....com/id/1026748 - Cisco Cius
- http://www.securityt....com/id/1026747 - Cisco Wireless LAN Controllers
- http://www.securityt....com/id/1026749 - Cisco Unified Communications Manager
- http://www.securityt....com/id/1026750 - Cisco Unity Connection
- http://www.securityt....com/id/1026751 - Cisco TelePresence Video Comm Svr

Edited by AplusWebMaster, 04 March 2012 - 12:52 PM.


#85 AplusWebMaster

Posted 15 March 2012 - 08:28 AM

FYI...

- http://tools.cisco.c...licationListing

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services
- http://tools.cisco.c...sa-20120314-asa
March 14, 2012

Cisco Firewall Services... DoS vuln
- http://tools.cisco.c...a-20120314-fwsm
March 14, 2012

Cisco ASA 5500 Series - VPN ActiveX Control Remote Code Execution vuln
- http://tools.cisco.c...20314-asaclient
March 14, 2012
___

- https://www.us-cert....ity_advisories6
March 14, 2012

- http://h-online.com/-1473257
15 March 2012

Edited by AplusWebMaster, 15 March 2012 - 11:25 AM.


#86 AplusWebMaster

Posted 29 March 2012 - 02:40 AM

FYI...

- http://www.cisco.com..._ERP_mar12.html
March 28, 2012
___

- http://tools.cisco.c...licationListing

Cisco IOS Software Reverse SSH Denial of Service Vulnerability
- http://tools.cisco.c...sa-20120328-ssh
March 28, 2012
Cisco IOS Software RSVP Denial of Service Vulnerability
- http://tools.cisco.c...a-20120328-rsvp
March 28, 2012
Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization
- http://tools.cisco.c...a-20120328-mace
March 28, 2012
Cisco IOS Software Multicast Source Discovery Protocol Vulnerability
- http://tools.cisco.c...a-20120328-msdp
March 28, 2012
Cisco IOS Software Network Address Translation Vulnerability
- http://tools.cisco.c...sa-20120328-nat
March 28, 2012
Cisco IOS Internet Key Exchange Vulnerability
- http://tools.cisco.c...sa-20120328-ike
March 28, 2012
Cisco IOS Software Smart Install Denial of Service Vulnerability
- http://tools.cisco.c...28-smartinstall
March 28, 2012
Cisco IOS Software Command Authorization Bypass
- http://tools.cisco.c...sa-20120328-pai
March 28, 2012
Cisco IOS Software Zone-Based Firewall Vulnerabilities
- http://tools.cisco.c...a-20120328-zbfw
March 28, 2012
___

Cisco IOS Reverse SSHv2 Login Flaw Lets Remote Users Deny Service
- http://www.securityt....com/id/1026866
Cisco IOS RSVP VPN Routing and Forwarding Bug Lets Remote Users Deny Service
- http://www.securityt....com/id/1026865
Cisco IOS Bugs in Traffic Optimization Features Let Remote Users Execute Arbitrary Code
- http://www.securityt....com/id/1026862
Cisco IOS Multicast Source Discovery Flaw Lets Remote Users Deny Service
- http://www.securityt....com/id/1026868
Cisco IOS SIP NAT Flaw Lets Remote Users Deny Service
- http://www.securityt....com/id/1026864
Cisco IOS IKE Processing Flaw Lets Remote Users Deny Service
- http://www.securityt....com/id/1026863
Cisco IOS Smart Install Bug Lets Remote Users Deny Service
- http://www.securityt....com/id/1026867
Cisco IOS Lets Remote Authenticated Users Bypass Command Authorization Level Controls
- http://www.securityt....com/id/1026860
Cisco IOS Zone-Based Firewall IP/HTTP/H.323/SIP Bugs Let Remote Users Deny Service
- http://www.securityt....com/id/1026861
___

- https://www.us-cert....ity_advisories7
March 28, 2012

Edited by AplusWebMaster, 01 April 2012 - 09:59 AM.


#87 AplusWebMaster

Posted 05 April 2012 - 08:16 AM

FYI...

Cisco WebEx Player updates...
- http://tools.cisco.c...-20120404-webex
2012 April 4 - "... Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user... If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from http://www.webex.com/
Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities..."

- http://www.securityt....com/id/1026888
CVE Reference: CVE-2012-1335, CVE-2012-1336, CVE-2012-1337
Date: Apr 4 2012
Impact: Execution of arbitrary code via network, User access via network ...
Solution: The vendor has issued a fix (Client builds 27.25.10 (T27 LC SP25 EP10), Client builds 27.32.1 (T27 LD SP32 CP1)...



#88 AplusWebMaster

Posted 03 May 2012 - 01:33 AM

FYI...

Cisco multiple advisories - 2012.05.02-03

Cisco IOS Multiple Bugs...
- http://www.securityt....com/id/1027005
Date: May 2 2012
CVE Reference: CVE-2011-2578, CVE-2011-2586, CVE-2011-3289, CVE-2011-3295, CVE-2011-4007, CVE-2011-4012, CVE-2011-4015, CVE-2011-4016, CVE-2012-0338, CVE-2012-0339, CVE-2012-0362
Impact: Denial of service via network, Disclosure of system information, Host/resource access via network
Description: Multiple vulnerabilities were reported in Cisco IOS. A remote user can cause denial of service conditions. A remote user can bypass security controls. A remote user can obtain potentially sensitive information. A physically local user can read the start-up configuration...
Solution: The vendor has issued fixes. The vendor's advisories are available at:
http://www.cisco.com...151-4MCAVS.html
http://tools.cisco.c...x?alertId=24436
http://www.cisco.com...F_rebuilds.html
http://www.cisco.com...H_rebuilds.html
http://www.cisco.com...151-2TCAVS.html
http://www-europe.ci...amp;sortparam=7
http://www.cisco.com...aveats_33s.html
http://www.cisco.com...aveats_SXJ.html
http://www.cisco.com...ts_15_2_2s.html

Cisco Carrier Routing System Bugs...
- http://www.securityt....com/id/1027006
Date: May 2 2012
CVE Reference: CVE-2011-3283, CVE-2011-3295
Impact: Denial of service via network
Solution: The vendor has issued a fix. The vendor's advisories are available at:
http://www.cisco.com...p;release=3.9.1
http://www-europe.ci...amp;sortparam=7

Cisco Unified MeetingPlace Input Validation Flaw...
- http://www.securityt....com/id/1027007
Date: May 2 2012
CVE Reference: CVE-2012-0337
Impact: Disclosure of system information, Disclosure of user information, User access via network
Version(s): 7.1
Description: A vulnerability was reported in Cisco Unified MeetingPlace. A remote authenticated user can inject SQL commands...
Solution: The vendor has issued a fix (7.1.2.6 (MR1)). The vendor's advisory is available at:
http://www.cisco.com...tes/mp71rn.html

Cisco ASA Bugs...
- http://www.securityt....com/id/1027008
Date: May 2 2012
CVE Reference: CVE-2011-3285, CVE-2011-3309, CVE-2011-4006, CVE-2012-0335
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): ASA 5500 Series; 7.2 - 8.5
Description: Several vulnerabilities were reported in Cisco ASA. A remote user can cause denial of service conditions. A remote user can conduct HTTP response splitting attacks. A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix. The vendor's advisories are available at:
http://www.cisco.com...ease-Notes.html
http://www.cisco.com...ease-Notes.html
http://www.cisco.com...ease-Notes.html
http://www.cisco.com...ease-Notes.html

Cisco Unified Contact Center Express Unspecified Flaw...
- http://www.securityt....com/id/1027009
Date: May 2 2012
CVE Reference: CVE-2011-2583
Impact: Denial of service via network
Version(s): CCX 8.0 and 8.5
Description: A vulnerability was reported in Cisco Unified Contact Center Express. A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix. The vendor's advisory is available at:
http://www.cisco.com...e/uccx851rn.pdf

Cisco Secure Access Control Server Bugs...
- http://www.securityt....com/id/1027010
Date: May 3 2012
CVE Reference: CVE-2011-3293, CVE-2011-3317
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 5.2
Description: Two vulnerabilities were reported in Cisco Secure Access Control Server. A remote user can conduct cross-site scripting attacks. A remote user can conduct cross-site scripting attacks.
Solution: The vendor has issued a fix. The vendor's advisory is available at:
http://www.cisco.com...26-9-Readme.txt

Cisco Wireless Control System...
- http://www.securityt....com/id/1027011
Date: May 3 2012
CVE Reference: CVE-2011-4014
Impact: Disclosure of system information, Disclosure of user information
Version(s): 7.0 prior to 7.0.230.0
Description: A vulnerability was reported in Cisco Wireless Control System. A remote authenticated user can view arbitrary files in a certain directory on the target system.
Solution: The vendor has issued a fix (7.0.230.0). The vendor's advisory is available at:
http://www.cisco.com..._RN7_0_230.html

Cisco IP Small Business Phones
- http://www.securityt....com/id/1027012
Date: May 3 2012
CVE Reference: CVE-2012-0333
Impact: Host/resource access via network
Version(s): SPA 500 series firmware 7.4.9 and prior
Description: A vulnerability was reported in Cisco Small Business IP Phones. A remote user can make unauthorized phone calls.
Solution: The vendor has issued a fix (7.5.1). The vendor's advisory is available at:
http://www-europe.ci...lnote_7_5_1.pdf

Cisco IP Communicator SCCP Message Bug...
- http://www.securityt....com/id/1027013
Date: May 3 2012
CVE Reference: CVE-2012-0361
Impact: Denial of service via network
Version(s): 7.0 - 8.6
Description: A vulnerability was reported in Cisco IP Communicator. A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (8.6). The vendor's advisory is available at:
http://www.cisco.com.../CIPC8x_RN.html

Edited by AplusWebMaster, 03 May 2012 - 05:46 AM.


#89 AplusWebMaster

Posted 10 May 2012 - 01:43 PM

FYI...

Cisco multiple advisories - 2012.05.09

Cisco Unified MeetingPlace multiple vulns - update available
- https://secunia.com/advisories/49104/
Release Date: 2012-05-09
Criticality level: Moderately critical
Impact: Cross Site Scripting, Manipulation of data
Where: From remote
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-0337 - 6.5
... vulnerabilities are reported in versions prior to 7.1.2.6 (MR1).
Solution: Update to version 7.1.2.6 (MR1).
Original Advisory: http://www.cisco.com...tes/mp71rn.html

- https://secunia.com/advisories/49102/
Release Date: 2012-05-09
Impact: Cross Site Scripting, Exposure of system information
Where: From remote
CVE Reference:
- http://web.nvd.nist....d=CVE-2011-4232 - 5.0
Solution: Update to version 6.1.1.4 (MR1).
Original Advisory:
http://www.cisco.com...tes/mp61_rn.pdf

CiscoWorks LMS multiple vulns - update available
- https://secunia.com/advisories/49094/
Release Date: 2012-05-09
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information
Where: From remote
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-3190 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-4237 - 4.3
... vulnerabilities are reported in versions prior to 4.2.
Solution: Update to version 4.2.
Original Advisory: http://www.cisco.com...s/lms42rel.html

Cisco Secure ACS multiple vulns - update available
- https://secunia.com/advisories/49101/
Release Date: 2012-05-09
Criticality level: Moderately critical
Impact: Unknown, Cross Site Scripting, Manipulation of data
Where: From remote
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-3293 - 6.8
- http://web.nvd.nist....d=CVE-2011-3317 - 4.3
Solution: Update to version 5.2.0.26 patch 9.
Original Advisory: http://www.cisco.com...26-9-Readme.txt

Edited by AplusWebMaster, 11 May 2012 - 07:38 AM.


#90 AplusWebMaster

Posted 16 May 2012 - 12:05 PM

FYI...

Cisco ASA vuln - updates available
- https://secunia.com/advisories/49139/
Release Date: 2012-05-16
Impact: Exposure of sensitive information
Where: From remote
- http://web.nvd.nist....d=CVE-2012-0335 - 5.0
... vulnerability is reported in versions -prior- to interim release 8.4.3(8).
Solution: Update to interim release 8.4.3(8).
Original Advisory:
http://www.cisco.com...ease-Notes.html
___

- http://tools.cisco.c...licationListing

Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability
- http://tools.cisco.c...20314-asaclient
2012 March 14 - "... Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available..."

Cisco IOS Software Network Address Translation Vulnerabilities
- http://tools.cisco.c...sa-20110928-nat
2012 March 14 - "... Cisco has released free software updates that address this vulnerability..."

Edited by AplusWebMaster, 18 May 2012 - 05:51 AM.