Cisco Systems

Cisco IOS XR Software Border Gateway Protocol Vulnerability

Mon, 06 Sep 2010 14:45:00 GMT

Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session.

Cisco Unified Communications Manager Denial of Service Vulnerabilities

Wed, 25 Aug 2010 08:40:00 GMT

Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services.

Cisco Unified Presence Denial of Service Vulnerabilities

Wed, 25 Aug 2010 08:30:00 GMT

Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of presence services.

Cisco IOS Software TCP Denial of Service Vulnerability

Thu, 12 Aug 2010 14:30:00 GMT

Cisco IOS Software Release, 15.1(2)T is affected by a denial of service (DoS) vulnerability during the TCP establishment phase. The vulnerability could cause embryonic TCP connections to remain in a SYNRCVD or SYNSENT state. Enough embryonic TCP connections in these states could consume system resources and prevent an affected device from accepting or initiating new TCP connections, including any TCP-based remote management access to the device.

SQL Injection Vulnerability in Cisco Wireless Control System

Wed, 11 Aug 2010 09:00:00 GMT

Cisco Wireless Control System (WCS) contains a SQL injection vulnerability that could allow an authenticated attacker full access to the vulnerable device, including modification of system configuration; create, modify and delete users; or modify the configuration of wireless devices managed by WCS.

Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

Wed, 11 Aug 2010 09:00:00 GMT

The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain the following DoS vulnerabilities: Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS vulnerability Secure Socket Layer (SSL) DoS vulnerability SIP inspection DoS vulnerability

SNMP Version 3 Authentication Vulnerabilities

Mon, 09 Aug 2010 07:30:00 GMT

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

Wed, 04 Aug 2010 09:00:00 GMT

Multiple Vulnerabilities in Cisco Firewall Services Module

Wed, 04 Aug 2010 09:00:00 GMT

CDS Internet Streamer: Web Server Directory Traversal Vulnerability

Thu, 29 Jul 2010 06:00:00 GMT

The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL.

Transport Layer Security Renegotiation Vulnerability

Thu, 22 Jul 2010 10:00:00 GMT

An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.

Cisco Secure Desktop ActiveX Control Code Execution Vulnerability

Tue, 13 Jul 2010 06:00:00 GMT

Updated workarounds.

Cisco Unified MeetingPlace XSS Vulnerability (November 2007)

Thu, 08 Jul 2010 08:00:00 GMT

This is the Cisco PSIRT response to an issue that was discovered and reported to Cisco by Joren McReynolds regarding a cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing.

Cisco Unified MeetingPlace XSS Vulnerability

Thu, 08 Jul 2010 08:00:00 GMT

This is the Cisco PSIRT response to an issue discovered and reported to Cisco by Roger Jefferiss and Rob Pope of SecureTest Ltd, UK regarding cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing.

Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability

Wed, 07 Jul 2010 08:00:00 GMT