Cisco Security Advisory http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml en-us 1992-2010 Cisco Systems, Inc. All rights reserved. Cisco Security Advisory Cisco Systems, Inc. 15 Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20(March%202015)%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. On March 19, 2015, the OpenSSL Project released a security advisory detailing 13 distinct vulnerabilities. The following seven are actively under investigation and the vulnerabilities are referenced in this document as follows:<br /> <br /> <ul> <li>CVE-2015-0286: OpenSSL ASN1_TYPE_cmp Denial of Service Vulnerability</li> <li>CVE-2015-0287: OpenSSL ASN.1 Structure Reuse Memory Corruption Vulnerability</li> <li>CVE-2015-0289: OpenSSL PKCS7 NULL Pointer Dereference Denial of Service Vulnerability</li> <li>CVE-2015-0292: OpenSSL Base64 Decoding Memory Corruption Vulnerability</li> <li>CVE-2015-0293: OpenSSL SSLv2 CLIENT-MASTER-KEY Denial of Service Vulnerability&nbsp;</li> <li>CVE-2015-0209: OpenSSL Elliptic Curve d2i_ECPrivateKey Denial of Service Vulnerability</li> <li>CVE-2015-0288: OpenSSL X.509 to PKCS#10 Denial of Service Vulnerability</li> </ul> <br /> The following six vulnerabilities do not affect any Cisco products:<br /> <ul> <li>CVE-2015-0291: OpenSSL ClientHello sigalgs Denial of Service Vulnerability</li> <li>CVE-2015-0290: OpenSSL Multiblock Denial of Service Vulnerability&nbsp;</li> <li>CVE-2015-0207: OpenSSL DTLSv1_listen SSL Object Corruption Denial of Service Vulnerability</li> <li>CVE-2015-0208: OpenSSL Invalid Probabilistic Signature Scheme Parameters Denial of Service Vulnerability&nbsp;</li> <li>CVE-2015-1787: OpenSSL Empty ClientKeyExchange Denial of Service Vulnerability&nbsp;</li> <li>CVE-2015-0285: OpenSSL Handshake with Unseeded PRNG Predictable Value Vulnerability&nbsp;</li> </ul> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release free software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl</a> Fri, 22 May 2015 21:31:24 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl GNU glibc gethostbyname Function Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=GNU%20glibc%20gethostbyname%20Function%20Buffer%20Overflow%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=GNU glibc gethostbyname Function Buffer Overflow Vulnerability" border='0' height='0' width='0'></img>On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited.<br /> <br /> The <em>glibc</em> library is a commonly used third-party software component that is released by the GNU software project and a number of Cisco products are likely affected.<br /> <br /> This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost</a> Fri, 22 May 2015 16:57:22 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20(January%202015)%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: <ul> <li>CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability</li> <li>CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability</li> <li>CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability</li> <li>CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability</li> <li>CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability</li> <li>CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability</li> <li>CVE-2014-8275:&nbsp;OpenSSL Certificate Fingerprint Validation Vulnerability</li> <li>CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue</li> </ul> Cisco will release free software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl</a> Thu, 14 May 2015 15:25:27 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20ntpd%20(April%202015)%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the <em>ntpd</em> package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to bypass authentication controls or to create a denial of service (DoS) condition.<br /> <br /> On April 7, 2015, NTP.org and US-CERT released a security advisory dealing with two issues regarding bypass of authentication controls. These vulnerabilities are referenced in this document as follows:<br /> <ul> <li>CVE-2015-1798: NTP Authentication bypass vulnerability</li> <li>CVE-2015-1799: NTP Authentication doesn't protect symmetric associations against DoS attacks</li> </ul> Cisco has released free software updates that address these vulnerabilities. <br /> <br /> Workarounds that mitigate these vulnerabilities are available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd</a> Thu, 14 May 2015 15:15:33 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd Multiple Vulnerabilities in Cisco TelePresence TC and TE Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20TelePresence%20TC%20and%20TE%20Software&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco TelePresence TC and TE Software" border='0' height='0' width='0'></img>Cisco TelePresence TC and TE Software contains the following vulnerabilities:<br /> <ul> <li>Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability</li> <li>Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability </li> </ul> <br /> Successful exploitation of the Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability could allow an attacker to bypass system authentication and access the device with the privileges of the <em>root</em> user.<br /> <br /> Successful exploitation of the&nbsp;Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability could allow an attacker to restart several processes and possibly trigger a reload of the affected system.<br /> <br /> Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc</a> Wed, 13 May 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc Command Injection Vulnerability in Multiple Cisco TelePresence Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Command%20Injection%20Vulnerability%20in%20Multiple%20Cisco%20TelePresence%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Command Injection Vulnerability in Multiple Cisco TelePresence Products" border='0' height='0' width='0'></img>A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the <em>root</em> user.<br /> <br /> The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the <em>root</em> user.<br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp</a> Wed, 13 May 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=SSL%20Padding%20Oracle%20On%20Downgraded%20Legacy%20Encryption%20(POODLE)%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability" border='0' height='0' width='0'></img>On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer Security (TLS) protocols. By exploiting this vulnerability, an attacker could decrypt a subset of the encrypted communication.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle</a> Thu, 07 May 2015 17:42:23 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle Cisco UCS Central Software Arbitrary Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Central%20Software%20Arbitrary%20Command%20Execution%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco UCS Central Software Arbitrary Command Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.<br /> <br /> The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the <em>root</em> user.<br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc</a> Wed, 06 May 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20BVI%20Routed%20Packet%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only Typhoon-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability.<br /> <br /> The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface (BVI) when any of the following features are configured: Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs). An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface. A successful exploit could allow the attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic, leading to a denial of service (DoS) condition.<br /> <br /> Cisco has released free software updates that address this vulnerability. There are no workarounds to address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr</a> Fri, 17 Apr 2015 13:44:03 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Desktop%20Cache%20Cleaner%20Command%20Execution%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability" border='0' height='0' width='0'></img>A vulnerability in a Cisco-signed <span class="st">Java Archive</span> (JAR) executable Cache Cleaner<em> </em>component of Cisco Secure Desktop could allow an unauthenticated, remote attacker to execute arbitrary commands on the client host where the affected .<em>jar</em> file is executed. Command execution would occur with the privileges of the user.<br /> <br /> The Cache Cleaner feature has been deprecated since November 2012. <br /> <br /> There is no fixed software for this vulnerability. Cisco Secure Desktop packages that include the affected <em>.jar</em> files have been removed and are no longer available for download. <br /> <br /> Because Cisco does not control all existing Cisco Secure Desktop packages, customers are advised to ensure that their Java blacklist controls have been updated to avoid potential exploitation. Refer to the "Workarounds" section of this advisory for additional information on how to mitigate this vulnerability.<br /> <br /> Customers using Cisco Secure Desktop should migrate to the Cisco Host Scan standalone package. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd</a> Wed, 15 Apr 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd Multiple Vulnerabilities in Cisco ASA Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20ASA%20Software&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco ASA Software" border='0' height='0' width='0'></img><p>Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: </p> <ul> <li>Cisco ASA Failover Command Injection Vulnerability</li> <li>Cisco ASA DNS Memory Exhaustion Vulnerability</li> <li>Cisco ASA VPN XML Parser Denial of Service Vulnerability </li> </ul> Successful exploitation of the Cisco ASA Failover Command Injection Vulnerability would allow an attacker to submit failover commands to the failover units,&nbsp; which may result in an attacker taking full control of the systems.<br /> <br /> Successful exploitation of the Cisco ASA DNS Memory Exhaustion Vulnerability may result in system instability and dropped traffic.<br /> <br /> Successful exploitation of the Cisco ASA VPN XML Parser Denial of Service Vulnerability may result in a crash of the WebVPN process, which may lead to the reset of all SSL VPN connections, system instability, and a reload of the affected system.<br /> <br /> <br /> Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available for the Cisco ASA Failover Command Injection Vulnerability and Cisco ASA DNS Memory Exhaustion Vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa</a><br /> <br /> <strong>Note:</strong> The resolution of the vulnerability in the Cisco Security Advisory<em> Cisco ASA FirePOWER Services and Cisco ASA CX Crafted Packets Denial of Service Vulnerability</em>,&nbsp;cisco-sa-20150408-cxfp,&nbsp; released on the 8th of April may require an upgrade of the Cisco ASA Software release. Cisco ASA customers should review cisco-sa-20150408-cxfp before deciding which Cisco ASA Software release to upgrade to.<br /> <br /> The Cisco Security Advisory <em>Cisco ASA FirePOWER Services and Cisco ASA CX Crafted Packets Denial of Service Vulnerability</em> is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp</a> Wed, 08 Apr 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20ASA%20FirePOWER%20Services%20and%20Cisco%20ASA%20CX%20Services%20Crafted%20Packets%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability" border='0' height='0' width='0'></img><span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField">A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause the a reload of the affected system.<br /> </span><br /> Cisco has released free software updates that address this vulnerability. The resolution includes upgrading the Cisco ASA FirePOWER Services Software or the Cisco ASA CX Services Software and the Cisco ASA Software. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp</a><br /> <br /> <strong>Note:</strong> Cisco ASA Software is affected by several other vulnerabilities described in the Cisco Security Advisory <em>Multiple Vulnerabilities in Cisco ASA Software</em>, cisco-sa-20150408-asa.<br /> Cisco ASA customers should review&nbsp;cisco-sa-20150408-asa before determining an upgrade release for Cisco ASA Software.<br /> <br /> Cisco Security Advisory <em>Multiple Vulnerabilities in Cisco ASA Software</em> is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa</a><br /> Wed, 08 Apr 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp GNU Bash Environment Variable Command Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=GNU%20Bash%20Environment%20Variable%20Command%20Injection%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=GNU Bash Environment Variable Command Injection Vulnerability" border='0' height='0' width='0'></img><p class="line874" style="text-align: left;">On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers.</p> All versions of GNU Bash starting with version 1.14 are affected by this vulnerability and the specific impact is determined by the characteristics of the process using the Bash shell. In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, authentication is required before exploitation could be attempted.<br /> <br /> A number of Cisco products ship with or use an affected version of the Bash shell. The Bash shell is a third-party software component that is part of the GNU software project and used by a number of software vendors. As of this version of the Security Advisory, there have been a number of vulnerabilities recently discovered in the Bash shell, and the investigation is ongoing. For vulnerable products, Cisco has included information on the product versions that will contain the fixed software, and the date these versions are expected to be published on the <a href="http://www.cisco.com/cisco/web/support/index.html#~shp_download">cisco.com download page</a><a>. This advisory will be updated as additional information becomes available. Cisco may release free software updates that address this vulnerability if a product is determined to be affected by this vulnerability. This advisory is available at the following link:<br /> </a><a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash</a> Wed, 01 Apr 2015 21:14:56 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash Multiple Vulnerabilities in Cisco Unity Connection http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20Unity%20Connection&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco Unity Connection" border='0' height='0' width='0'></img>Cisco Unity Connection contains multiple vulnerabilities, when it is configured with &nbsp;Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP messages.<br /> &nbsp;<br /> Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc</a> Wed, 01 Apr 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Data%20Center%20Network%20Manager%20File%20Information%20Disclosure%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability" border='0' height='0' width='0'></img>Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system.<br /> <br /> Cisco has released free software updates that address this vulnerability. <br /> <br /> Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm</a> Wed, 01 Apr 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20IOS%20XE%20Software%20for%20Cisco%20ASR%201000%20Series,%20Cisco%20ISR%204400%20Series,%20and%20Cisco%20Cloud%20Services%201000v%20Series%20Routers&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers" border='0' height='0' width='0'></img>Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contains the following vulnerabilities:<br /> <ul> <li>Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability</li> <li>Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability</li> <li>Cisco IOS XE Software Crafted IPv6 Packet Denial of Service Vulnerability</li> <li>Cisco IOS XE Software Layer 4 Redirect Crafted Packet Denial of Service Vulnerability</li> <li>Cisco IOS XE Software Common Flow Table Crafted Packet Denial of Service Vulnerability</li> </ul> <br /> These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.<br /> <br /> Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to trigger a reload of the forwarding plane, causing an interruption of services. Repeated exploitation could result in a sustained denial of service (DoS) condition.<br /> <br /> Successful exploitation of Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability could allow an unauthenticated remote attacker to execute malicious code on the affected device.<br /> <br /> Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 01 Apr 2015 01:04:06 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe Multiple Vulnerabilities in ntpd Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20ntpd%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in ntpd Affecting Cisco Products " border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the <em>ntpd </em>package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition.<br /> <br /> On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows: <br /> <ul> <li>CVE-2014-9293:&nbsp;Weak Default Key in config_auth()</li> <li>CVE-2014-9294:&nbsp;Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to Generate Symmetric Keys</li> <li>CVE-2014-9295:&nbsp;Multiple Buffer Overflow Vulnerabilities in ntpd</li> <li>CVE-2014-9296:&nbsp;ntpd receive(): Missing Return on Error</li> </ul> <br /> On February 4, 2015, NTP.org and US-CERT released two additional vulnerabilities regarding improper validation of <em>vallen</em> in <em>ntp_crypto.c</em>&nbsp;and an IPv6 ::1 ACL bypass vulnerability. These vulnerabilities were added to their original advisory. For completeness, these vulnerabilities are referenced in this document as follows:<br /> <ul> <li>CVE-2014-9297:&nbsp;NTP ntp_crypto.c Improper Validation Vulnerability</li> <li>CVE-2014-9298:&nbsp;NTP IPv6 ACL Bypass Vulnerability</li> </ul> <br /> This advisory will be updated as additional information becomes available.<br /> <br /> Cisco will release free software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities are available. <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd</a> Tue, 31 Mar 2015 15:29:34 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd Row Hammer Privilege Escalation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Row%20Hammer%20Privilege%20Escalation%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Row Hammer Privilege Escalation Vulnerability" border='0' height='0' width='0'></img>On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware. The flaw is known as Row Hammer. To attempt an attack, the attacker must execute a malicious binary on an affected system.<br /> <br /> In addition, the research focused on consumer hardware that did not have a number of mitigations and memory protections that have been integrated into chipsets and memory modules used in Cisco server-class products. Of note in the paper is that the researchers were unable, in their testing, to exploit devices that use Error-Correcting Code (ECC) memory.<br /> <br /> Cisco offers a limited number of products that allow an unprivileged user to load and execute binaries.<br /> <br /> The research report is at the following link:<br /> <a href="http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html">http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html</a><br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer</a> Mon, 30 Mar 2015 20:31:35 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer Multiple Vulnerabilities in OpenSSL Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in OpenSSL Affecting Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:<br /> <ul> <li>SSL/TLS Man-in-the-Middle Vulnerability</li> <li>DTLS Recursion Flaw Vulnerability</li> <li>DTLS Invalid Fragment Vulnerability</li> <li>SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability</li> <li>SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability</li> <li>Anonymous ECDH Denial of Service Vulnerability</li> <li>ECDSA NONCE Side-Channel Recovery Attack Vulnerability</li> </ul> <br /> Please note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.<br /> <br /> Cisco will release free software updates that address these vulnerabilities. <br /> <br /> Workarounds that mitigate these vulnerabilities may be available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl</a> Fri, 27 Mar 2015 19:50:23 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20mDNS%20Gateway%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device.<br /> <br /> The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. An exploit could allow the attacker to cause a denial of service (DoS) condition.<br /> <br /> Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Thu, 26 Mar 2015 20:49:58 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Virtual%20Routing%20and%20Forwarding%20ICMP%20Queue%20Wedge%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability" border='0' height='0' width='0'></img>A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to a failure to properly process malicious ICMP version 4 (ICMPv4) messages received on a VRF-enabled interface. An attacker could exploit this vulnerability by submitting ICMPv4 messages designed to trigger the vulnerability on an affected device. When the ICMPv4 messages are processed, the packet queue of the affected interface may not be cleared, leading to a queue wedge. When a wedge occurs, the affected device will stop processing any additional packets received on the wedged interface.<br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Thu, 26 Mar 2015 19:21:37 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20Internet%20Key%20Exchange%20Version%202%20Denial%20of%20Service%20Vulnerabilities&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities" border='0' height='0' width='0'></img>Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. These vulnerabilities can only be triggered by sending malformed IKEv2 packets.<br /> <br /> There are no workarounds for the vulnerabilities described in this advisory. Cisco has released free software updates that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 25 Mar 2015 21:38:14 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20TCP%20Packet%20Memory%20Leak%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device.<br /> <br /> The vulnerability is due to improper handling of certain crafted packet sequences used in establishing a TCP three-way handshake. An attacker could exploit this vulnerability by sending a crafted sequence of TCP packets while establishing a three-way handshake. A successful exploit could allow the attacker to cause a memory leak and eventual reload of the affected device.<br /> <br /> There are no workarounds for this vulnerability.<br /> <br /> Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 25 Mar 2015 21:32:29 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20IOS%20Software%20and%20IOS%20XE%20Software%20Autonomic%20Networking%20Infrastructure&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure" border='0' height='0' width='0'></img>The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device.<br /> <ul> <li>Autonomic Networking Registration Authority Spoofing Vulnerability</li> <li>Autonomic Networking Infrastructure Spoofed Autonomic Networking Messages Denial of Service Vulnerability</li> <li>Autonomic Networking Infrastructure Device Reload Denial of Service Vulnerability</li> </ul> Cisco has released free software updates that address these vulnerabilities.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 25 Mar 2015 21:21:35 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20IOS%20Software%20Common%20Industrial%20Protocol&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol" border='0' height='0' width='0'></img>The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains the following vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition:<br /> <ul> <li>Cisco IOS Software UDP CIP Denial of Service Vulnerability</li> <li>Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability</li> <li>Cisco IOS Software TCP CIP Denial of Service Vulnerability</li> </ul> <br /> These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.<br /> <br /> Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the forwarding plane, resulting in an interruption of services on an affected device. Repeated exploitation could result in a sustained DoS condition.<br /> <br /> Additionally, successful exploitation of Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.<br /> <br /> Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The March 25, 2015, Cisco IOS &amp; XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS &amp; XE Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html</a></p> </span> Wed, 25 Mar 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip Cisco Secure Access Control System SQL Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Access%20Control%20System%20SQL%20Injection%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Secure Access Control System SQL Injection Vulnerability" border='0' height='0' width='0'></img><style> </style> <p>Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access information in the underlying file system. A previous version of this advisory indicated that a product running version 5.5 patch 7 was not vulnerable; however, customers running version 5.5 patch 7 should upgrade to patch 8 to completely mitigate the vulnerability described in this advisory.</p> <p> </p> <p>Cisco has released free software updates that address this vulnerability.</p> <p>This advisory is available at the following link:</p> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs</a> Thu, 19 Mar 2015 20:24:39 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Intrusion%20Prevention%20System%20MainApp%20Secure%20Socket%20Layer%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability" border='0' height='0' width='0'></img>The <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField">Cisco Intrusion Prevention System (IPS) Software </span>has a vulnerability within the SSL/TLS subsystem utilized by the web management interface which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips</a> Wed, 11 Mar 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20TelePresence%20Video%20Communication%20Server,%20Cisco%20Expressway,%20and%20Cisco%20TelePresence%20Conductor&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor" border='0' height='0' width='0'></img><br /> Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities:<br /> <ul> <li> SDP Media Description Denial of Service Vulnerability</li> <li>Authentication Bypass Vulnerability</li> </ul> Successful exploitation of the SDP Media Description Denial of Service Vulnerability may cause the affected system to reload.<br /> Successful exploitation of the Authentication Bypass Vulnerability may allow an attacker to bypass authentication and log in to the system with the privileges of an administrator.<br /> <br /> Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs</a> Wed, 11 Mar 2015 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20IPv6%20Malformed%20Packet%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic.<br /> <br /> The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. An attacker could exploit this vulnerability by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card. An exploit could allow the attacker to cause a reload of the line card on the affected Cisco IOS XR device.<br /><br /> <br /> Cisco has released free software updates that address this vulnerability. <br /> <br /> There are no workarounds that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6</a> Tue, 24 Feb 2015 01:19:14 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6 Multiple Vulnerabilities in Cisco ASA Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20ASA%20Software&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco ASA Software" border='0' height='0' width='0'></img>Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: <ul> <li>Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability</li> <li>Cisco ASA VPN Denial of Service Vulnerability</li> <li>Cisco ASA IKEv2 Denial of Service Vulnerability </li> <li>Cisco ASA Health and Performance Monitor Denial of Service Vulnerability</li> <li>Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability</li> <li>Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability</li> <li>Cisco ASA DNS Inspection Engine Denial of Service Vulnerability</li> <li>Cisco ASA VPN Failover Command Injection Vulnerability</li> <li>Cisco ASA VNMC Command Input Validation Vulnerability</li> <li>Cisco ASA Local Path Inclusion Vulnerability </li> <li>Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability </li> <li>Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability</li> <li>Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability </li> </ul> These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.<br /> <br /> Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA IKEv2 Denial of Service Vulnerability, Cisco ASA Health and Performance Monitor Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition.<br /> <br /> Successful exploitation of the Cisco ASA VPN Failover Command Injection Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco ASA Local Path Inclusion Vulnerability may result in full compromise of the affected system.<br /> <br /> Successful exploitation of the Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability may result in the disclosure of internal information or, in some cases, a reload of the affected system.<br /> <br /> Successful exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability may result in a compromise of the Clientless SSL VPN portal, which may lead to several types of attacks, which are not limited to cross-site scripting (XSS), stealing of credentials, or redirects of users to malicious web pages.<br /> <br /> Successful exploitation of the Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability may result in a digital certificate validation bypass, which could allow the attacker to bypass digital certificate authentication and gain access inside the network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM).<br /> <br /> Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa</a> Wed, 11 Feb 2015 21:36:12 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa Cisco WebEx Meetings Server Command Injection Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20WebEx%20Meetings%20Server%20Command%20Injection%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco WebEx Meetings Server Command Injection Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the administrative web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system.<br /> <br /> The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting input into the affected fields of the web interface. <br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.<br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx</a> Wed, 04 Feb 2015 16:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx Cisco Prime Service Catalog XML External Entity Processing Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Service%20Catalog%20XML%20External%20Entity%20Processing%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Prime Service Catalog XML External Entity Processing Vulnerability " border='0' height='0' width='0'></img>A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. <br /> <br /> Cisco has released free software updates that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee</a> Wed, 28 Jan 2015 16:00:00 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Apache%20Struts%202%20Command%20Execution%20Vulnerability%20in%20Multiple%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability identified by Apache with Common Vulnerabilities and Exposures ID CVE-2010-1870. <br /> <br /> The vulnerability is due to insufficient sanitization on user-supplied input in the XWorks component of the affected software. The component uses the <em>ParameterInterceptors</em> directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. <br /> <br /> Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options.<br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2</a> Wed, 17 Dec 2014 18:47:33 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2 Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IronPort%20Appliances%20Telnet%20Remote%20Code%20Execution%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability" border='0' height='0' width='0'></img><span id="ctl00_MainBodyContainer_DgFields_ctl03_lblField">Cisco AsyncOS Software</span> for Cisco <span id="ctl00_MainBodyContainer_DgFields_ctl03_lblField">Web Security Appliance (WSA)</span>, Cisco Email Security Appliance (ESA), and Cisco Content Security Management Appliance (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. <br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. <br /> <br /> <strong>Note:</strong> This security advisory has been updated to include important information about Cisco WSA<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport</a> Mon, 08 Dec 2014 21:21:32 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport Apache HTTPd Range Header Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apache?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Apache%20HTTPd%20Range%20Header%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Apache HTTPd Range Header Denial of Service Vulnerability" border='0' height='0' width='0'></img><p>The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. </p> <p> Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory: <a href="http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=24024">http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=24024</a> </p> <p>This advisory is posted at <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apache">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apache</a>.</p> Thu, 20 Nov 2014 16:35:36 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apache Multiple Vulnerabilities in Cisco Small Business RV Series Routers http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20Small%20Business%20RV%20Series%20Routers&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco Small Business RV Series Routers" border='0' height='0' width='0'></img>The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected by the following vulnerabilities:<br /> <ul> <li>Cisco RV Series Routers Command Injection Vulnerability</li> <li>Cisco RV Series Routers HTTP Referer Header Vulnerability</li> <li>Cisco RV Series Routers Insecure File Upload Vulnerability</li> </ul> These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.<br /> <br /> Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv</a> Thu, 20 Nov 2014 14:41:29 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20IP%20Phone%20Local%20Kernel%20System%20Call%20Input%20Validation%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability" border='0' height='0' width='0'></img>Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges.<br /> <br /> This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context.<br /> <br /> Ang Cui initially reported the issue to the Cisco Product Security Incident Response Team (PSIRT). On November 6, 2012, the Cisco PSIRT disclosed this issue in Cisco bug ID <a href="https://tools.cisco.com/bugsearch/bug/CSCuc83860">CSCuc83860</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) Release Note Enclosure. Subsequently, Mr. Cui has spoken at several public conferences and has performed public demonstrations of a device being compromised and used as a listening device. <br /> <br /> Mitigations are available to help reduce the attack surface of affected devices. See the "Details" section of this security advisory and the accompanying Cisco Applied Mitigation Bulletin (AMB) for additional information. <br /> <br /> <strong>Update (November 3rd, 2014):</strong><br /> Updated software that resolves the vulnerability described in this document has been released. &nbsp;This release is generally available and can be downloaded from the product-specific support areas on Cisco.com. The release version is 9.4(2).<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone</a> Mon, 03 Nov 2014 21:48:48 PST http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=OpenSSL%20Heartbeat%20Extension%20Vulnerability%20in%20Multiple%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products" border='0' height='0' width='0'></img>Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.<br /> <br /> The vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. An attacker could exploit this vulnerability by implementing a malicious TLS or Datagram Transport Layer Security (DTLS) client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. An exploit could send a specially crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords.<br /> <br /> Please note that the devices that are affected by this vulnerability are the devices acting as an SSL server terminating SSL connections or devices acting as an SSL Client initiating an SSL connection. Devices that are simply traversed by SSL traffic without terminating it are not affected.<br /> <br /> This advisory will be updated as additional information becomes available. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed</a> Wed, 29 Oct 2014 16:11:45 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed TCP Vulnerabilities in Multiple Non-IOS Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=TCP%20Vulnerabilities%20in%20Multiple%20Non-IOS%20Cisco%20Products&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=TCP Vulnerabilities in Multiple Non-IOS Cisco Products" border='0' height='0' width='0'></img><p> A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer), and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, the attack vector does not directly compromise data integrity or confidentiality. </p> <p> All Cisco products which contain a TCP stack are susceptible to this vulnerability. </p> <p> This advisory is available at <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios"> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios</a>, and it describes this vulnerability as it applies to Cisco products that do not run Cisco IOS&reg; software. </p> <p> A companion advisory that describes this vulnerability for products that run Cisco IOS software is available at <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-ios">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-ios</a>. </p> Thu, 23 Oct 2014 12:53:51 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios Cisco TelePresence MCU Software Memory Exhaustion Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20TelePresence%20MCU%20Software%20Memory%20Exhaustion%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco TelePresence MCU Software Memory Exhaustion Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory which could lead to system instability and a reload of the affected system.<br /> <br /> Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu</a><br /> <br /> <br /> <strong>Note:</strong>&nbsp;This security advisory does not provide information about the GNU Bash Environment Variable Command Injection Vulnerability (also known as <em>Shellshock</em>). For additional information regarding Cisco products affected by this vulnerability, refer to the Cisco Security Advisory at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash</a> Wed, 15 Oct 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20TelePresence%20Video%20Communication%20Server%20and%20Cisco%20Expressway%20Software&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software" border='0' height='0' width='0'></img>Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software includes the following vulnerabilities:<br /> <ul> <li>Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability</li> <li>Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability</li> <li>Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability </li> </ul> Succesfull exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the affected system, which may result in a Denial of Service (DoS) condition.<br /> <br /> Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs</a><br /> <br /> <strong>Note:</strong>&nbsp;This security advisory does not provide information about the GNU Bash Environment Variable Command Injection Vulnerability (also known as <em>Shellshock</em>). For additional information regarding Cisco products affected by this vulnerability, refer to the Cisco Security Advisory at the following link: <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash</a> Wed, 15 Oct 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs Multiple Vulnerabilities in Cisco Unified Communications Domain Manager http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20Unified%20Communications%20Domain%20Manager&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco Unified Communications Domain Manager" border='0' height='0' width='0'></img>Cisco Unified Communications Domain Manager (Cisco Unified CDM) is affected by the following vulnerabilities:<br /> <ul> <li>Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability</li> <li>Cisco Unified Communications Domain Manager Default SSH Key Vulnerability </li> <li>Cisco Unified Communications Domain Manager BVSMWeb Unauthorized Data Manipulation Vulnerability </li> </ul> <p>Successful exploitation of the&nbsp;Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability or of the Cisco Unified Communications Domain Manager Default SSH Key Vulnerability may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system.</p> Successful exploitation of the Cisco Unified Communications Domain Manager BVSMWeb Unauthorized Data Manipulation Vulnerability may allow an attacker to access and modify BVSMWeb portal user <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField">information such settings in the personal phone directory, speed dials, Single Number Reach, and call forward settings.</span><br /> <br /> Cisco has released free software updates that address the Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability and the Cisco Unified Communications Domain Manager Default SSH Key Vulnerability. <br /> Cisco will provide a free software update for the Cisco Unified Communications Domain Manager BVSMWeb Unauthorized Data Manipulation Vulnerability as soon as the fix is available.<br /> <br /> Workarounds that mitigate these vulnerabilities are not available.&nbsp;Customers that are concerned about the Cisco Unified Communications Domain Manager BVSMWeb Unauthorized Data Manipulation Vulnerability may apply the mitigation detailed in the "Workarounds" section of this advisory. <br /> <br /> <strong>Note:</strong> Due to an error in the fix of the Cisco Unified Communications Domain Manager Default SSH Key Vulnerability, all Cisco Unified CDM Platform Software releases are vulnerable regardless if a previous patch has been applied due to this security advisory. This advisory has been updated to provide additional information about the fix for the Cisco Unified Communications Domain Manager Default SSH Key Vulnerability.<br /> <br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm</a> Mon, 13 Oct 2014 15:55:13 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm Cisco IOS Software RSVP Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20RSVP%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software RSVP Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to cause an extended denial of service (DoS) condition.<br /> <br /> Cisco has released free software updates that address this vulnerability.<br /> <br /> A workaround that mitigates this vulnerability is available.<br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Fri, 26 Sep 2014 19:15:33 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20DHCP%20Version%206%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.<br /> <br /> The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of an affected device.<br /> <br /> Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Session%20Initiation%20Protocol%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages.<br /> <br /> Cisco has released free software updates that address this vulnerability. <br /> <br /> There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip Cisco IOS Software Network Address Translation Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Network%20Address%20Translation%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Network Address Translation Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper translation of IP version 4 (IPv4) packets.<br /> <br /> Cisco has released free software updates that address this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="https://tvce.cisco.com/security/AIMS/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat Cisco IOS Software Metadata Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20Metadata%20Vulnerabilities&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software Metadata Vulnerabilities" border='0' height='0' width='0'></img>Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device.<br /> <br /> The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition.<br /> <br /> Cisco has released free software updates that address these vulnerabilities.<br /> <br /> Workarounds that mitigate these vulnerabilities are not available. <br /> <br /> This advisory is available at the following link: <br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20IOS%20Software%20Multicast%20Domain%20Name%20System&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System" border='0' height='0' width='0'></img>The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: <ul> <li>Cisco IOS Software mDNS Gateway Memory Leak Vulnerability</li> <li>Cisco IOS Software mDNS Gateway Denial of Service Vulnerability</li> </ul> Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns</a><br /> <br /> <span id="ctl00_MainBodyContainer_DgFields_ctl02_lblField"><strong>Note:</strong> The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in <em>Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication</em> at the following link: <p><a href="http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html">http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html</a></p> </span> Wed, 24 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Computing%20System%20E-Series%20Blade%20Servers%20Cisco%20Integrated%20Management%20Controller%20SSH%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability" border='0' height='0' width='0'></img><p>A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.<br /> <br /> The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected.</p> Cisco has released free software updates that address this vulnerability<br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse</a> Mon, 08 Sep 2014 16:00:00 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20Software%20and%20Cisco%20IOS%20XE%20Software%20EnergyWise%20Crafted%20Packet%20Denial%20of%20Service%20Vulnerability&vs_k=1 <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco Security Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_k=1&vs_p=Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability" border='0' height='0' width='0'></img>A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device.<br /> <br /> The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted EnergyWise packet to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.<br /><br /> Cisco has released free software updates that address this vulnerability. <br /> <br /> There are no workarounds for this vulnerability.<br /> <br /> This advisory is available at the following link:<br /> <a href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise">http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise</a> Wed, 20 Aug 2014 20:35:19 PDT http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise