<p><strong>Cisco Security Response</strong> (RSS feed: <a href="http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityResponse.xml">http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityResponse.xml</a>), en-us. Category: Security Advisories. Publisher: Cisco Systems, Inc. 1992-2010 Cisco Systems, Inc. All rights reserved.</p>

<h2>Distance Vector Multicast Routing Protocol Misuse</h2>
<p>Published: Mon, 06 Oct 2014 22:00:00 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20141006-dvmrp">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20141006-dvmrp</a></p>
<p>On October 6, 2014, John Kristoff of Team Cymru presented at NANOG 62 the results of his research on the misuse of some debugging and troubleshooting capabilities provided by the Distance Vector Multicast Routing Protocol (DVMRP), either for distributed denial of service (DDoS) amplification attacks or for information gathering purposes.</p>
<p>The research focused on the use of the DVMRP "Ask Neighbors 2" message (documented at <a href="http://tools.ietf.org/html/draft-ietf-idmr-dvmrp-v3-11#page-41">http://tools.ietf.org/html/draft-ietf-idmr-dvmrp-v3-11#page-41</a>) to either:</p>
<ul>
<li>query a device supporting the "Ask Neighbors 2" message in order to gather information about multicast peers (including the peer's IP address, the interface on which the peer is located, and the number of peers on a given interface) from the point of view of the device being queried, or</li>
<li>use a device supporting the "Ask Neighbors 2" debugging and troubleshooting message as a reflector in a DDoS amplification attack.</li>
</ul>

<h2>Rootkits on Cisco IOS Devices</h2>
<p>Published: Wed, 09 Apr 2014 12:43:25 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20080516-rootkits">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20080516-rootkits</a></p>
<p>This is the Cisco PSIRT response to an issue that was disclosed by Mr. Sebastian Muniz of Core Security Technologies at the EUSecWest security conference on May 22, 2008.</p>
<p>No new vulnerability in Cisco IOS Software was disclosed during the presentation. To the best of our knowledge, no exploit code has been made publicly available, and Cisco has not received any customer reports of exploitation.</p>
<p>Cisco has analyzed the available information and recommends following industry best practices to improve the security of all network devices. Specific recommendations are available in the Additional Information section of this Security Response.</p>
<p>Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports. We would like to thank Mr. Sebastian Muniz and Core Security Technologies for working with us towards the goal of keeping Cisco networks, and the Internet as a whole, secure.</p>

<h2>Der Spiegel Article on Networking Equipment Infiltration</h2>
<p>Published: Thu, 13 Mar 2014 18:56:13 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel</a></p>
<p>On December 29, 2013, the German news publication <em>Der Spiegel</em> published an article referencing leaked documents from the U.S. National Security Agency (NSA) that mentioned "software implants" for networking devices. Cisco is one of a number of technology companies mentioned in the article:</p>
<p><a href="http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html">http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html</a></p>
<p>On December 30, 2013, the Cisco Product Security Incident Response Team (PSIRT) opened an incident to investigate the alleged creation of implants for some Cisco PIX and Cisco ASA platforms.</p>
<p>Cisco formally requested additional information about these allegations from both the United States Government and the German news publication <em>Der Spiegel</em>. No further details were provided.</p>
<p>The Cisco PSIRT led a comprehensive evaluation of the Cisco ASA platform, working closely with the company's engineering, support, and supply chain organizations around the world. The Cisco ASA platform was the primary focus, as the Cisco PIX platform has reached <a href="http://www.cisco.com/c/en/us/products/security/pix-500-series-security-appliances/eos-eol-notice-listing.html">End of Support</a>.</p>
<p>The investigation (PSIRT-1384943056) reviewed Cisco's development and supply chain procedures, historical customer support data for ASA and PIX platforms, and operational data from devices installed in various production networks in different parts of the world.</p>
<p>Advice from internal and external industry experts was used to create and implement different test scenarios focusing on the Cisco ASA platform's BIOS, operating system, and applications. Cisco professionals from around the world conducted tests of every existing model of the Cisco ASA family.</p>
<p>No evidence of any procedural irregularities or tampering with the BIOS, operating system, or applications was revealed. As a result, Cisco PSIRT has now closed this investigation.</p>

<h2>Use of Dual_EC_DRBG in Cisco Products</h2>
<p>Published: Wed, 16 Oct 2013 16:00:00 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131016-ec-drbg">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131016-ec-drbg</a></p>
<p>Cisco is aware of the industry discussion regarding the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) and the recent decision of the U.S. National Institute of Standards and Technology (NIST) to reopen Special Publication (SP) 800-90A to public review.</p>
<p>Cisco applauds the decision for increased public review of cryptographic standards and will monitor for any updates to NIST SP 800-90A.</p>
<p>Cisco has completed an internal investigation and has confirmed that Dual_EC_DRBG is not in use in any Cisco products.</p>

<h2>Cisco IOS and Cisco IOS XE Type 4 Passwords Issue</h2>
<p>Published: Fri, 22 Mar 2013 18:47:54 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4</a></p>
<p>This is the Cisco response to research performed by Mr. Philipp Schmidt and Mr. Jens Steube from the <a href="http://hashcat.net/oclhashcat-plus/" target="_blank">Hashcat Project</a> on the weakness of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt and Mr. Steube reported this issue to the Cisco PSIRT on March 12, 2013.</p>
<p>Cisco would like to thank Mr. Schmidt and Mr. Steube for sharing their research with Cisco and working toward a coordinated disclosure of this issue.</p>
<p>This Cisco Security Response is available at <a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4</a>.</p>

<h2>Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue</h2>
<p>Published: Wed, 07 Nov 2012 16:00:00 PST<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20121107-n1k">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20121107-n1k</a></p>
<p>The Cisco Product Security Incident Response Team (PSIRT) would like to notify customers of an issue that may impact their network security posture when upgrading Cisco Nexus 1000V Series Switches to Software Release 4.2(1)SV1(5.2) in deployments that have Cisco Virtual Security Gateway (VSG) integration. This issue will manifest itself when administrators perform an in-service software upgrade to Software Release 4.2(1)SV1(5.2) from Software Release 4.2(1)SV1(5.1a) or earlier.</p>
<p>After the software upgrade, a bug in Software Release 4.2(1)SV1(5.2) could cause all the virtual Ethernet ports on the Virtual Ethernet Modules (VEM) of the Cisco Nexus 1000V Series Switch to stay in <strong>No-Policy pass-through</strong> mode because a valid VSG license is not actively installed. As a result, the VEMs no longer use a configured Cisco VSG; therefore, the virtual machines (VM) are not firewalled and traffic is not inspected by the VSG.</p>
<p>This software bug is documented in Cisco Bug ID <a href="https://tools.cisco.com/bugsearch/bug/CSCud01427">CSCud01427</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only), and a software bulletin for Software Release 4.2(1)SV1(5.2) is in the process of being published.</p>

<h2>Multiple Vulnerabilities in OpenSSL Library</h2>
<p>Published: Mon, 15 Oct 2012 13:20:43 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20061108-openssl">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20061108-openssl</a></p>
<p>This is the Cisco PSIRT response to the multiple security advisories published by The OpenSSL Project. The vulnerabilities are as follows:</p>
<ul>
<li>RSA Signature Forgery (CVE-2006-4339), described in <a href="http://www.openssl.org/news/secadv_20060905.txt" target="_blank">http://www.openssl.org/news/secadv_20060905.txt</a></li>
<li>ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940), described in <a href="http://www.openssl.org/news/secadv_20060928.txt" target="_blank">http://www.openssl.org/news/secadv_20060928.txt</a></li>
<li>SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738), also in <a href="http://www.openssl.org/news/secadv_20060928.txt" target="_blank">http://www.openssl.org/news/secadv_20060928.txt</a></li>
<li>SSLv2 Client Crash (CVE-2006-4343), also in <a href="http://www.openssl.org/news/secadv_20060928.txt" target="_blank">http://www.openssl.org/news/secadv_20060928.txt</a></li>
</ul>
<p>As of this publication, there are no workarounds available for any of these vulnerabilities, but it may be possible to mitigate some of the exposure. This Security Response lists the status of each product or application when considered individually. However, where multiple applications run on the same computer, a vulnerability in one application or component can compromise the entire system, and that compromise can then be leveraged against applications that would otherwise be unaffected. Therefore, users must consider all applications when determining their exposure to these vulnerabilities. Cisco strongly recommends that customers update all vulnerable applications and components to provide the greatest protection from the listed vulnerabilities. Cisco will update this document in the event of any changes.</p>

<h2>NACATTACK Presentation</h2>
<p>Published: Wed, 09 May 2012 17:33:13 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070330-cta">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070330-cta</a></p>
<p>This is Cisco PSIRT's response to the "NACATTACK" presentation by Dror-John Roecher and Michael Thumann, presented at Black Hat Europe on March 30, 2007.</p>
<p>We greatly appreciate the opportunity to work with researchers on security vulnerabilities, and welcome the opportunity to review and assist in product reports.</p>

<h2>Wi-Fi Protected Setup PIN Brute Force Vulnerability</h2>
<p>Published: Wed, 29 Feb 2012 20:15:55 PST<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps</a></p>
<p>On December 27, 2011, US-CERT released VU#723755, available here: <a href="http://www.kb.cert.org/vuls/id/723755">http://www.kb.cert.org/vuls/id/723755</a></p>
<p>The US-CERT Vulnerability Note describes a vulnerability that exists in the Wi-Fi Alliance Wi-Fi Protected Setup (WPS) certification program. The WPS certification program is based on the Wi-Fi Simple Configuration protocol, in which an Access Point (AP) has a static PIN that allows access and configuration from an External Registrar (ER). An AP with WPS enabled and configured to use a static PIN will allow a WPS-capable ER that provides the correct PIN to join a properly secured network. A weakness in the protocol affects all APs that have a static PIN, and may allow an unauthenticated, remote attacker to use brute force calculations to determine the AP's PIN in a short amount of time.</p>
<p>The vulnerability is due to a flaw that allows an attacker to determine when the first four digits of the eight-digit PIN are known. This effectively reduces the PIN space from 10<sup>7</sup> (10,000,000) possible values to 10<sup>4</sup> + 10<sup>3</sup>, which is 11,000 possible values. The eighth digit of the PIN is used as a checksum of the first seven digits and does not contribute to the available PIN space. Because the PIN space has been significantly reduced, an attacker could find the WPS PIN in as little as a few hours.</p>
<p>The affected devices listed below implement a 60-second lockout after three unsuccessful attempts to authenticate to the device. While this does not substantially mitigate this issue, it does increase the time to exploit the protocol weakness from a few hours to at most several days. It is our recommendation to disable the WPS feature to prevent exploitation of this vulnerability.</p>
<h3>Vulnerable Products:</h3>
<table cellspacing="1" cellpadding="1" style="border: thin solid; width: 60%;">
<tbody>
<tr>
<td style="border: thin solid; text-align: center; width: 15%; vertical-align: middle;"><strong>Product Name</strong></td>
<td style="border: thin solid; text-align: center; width: 15%; vertical-align: middle;"><strong>Is the WPS feature enabled by default?</strong></td>
<td style="border: thin solid; text-align: center; width: 20%; vertical-align: middle;"><strong>Can the WPS feature be permanently disabled?</strong></td>
</tr>
<tr>
<td colspan="3" style="border: thin solid; text-align: center; vertical-align: middle;"><strong>Access Points</strong></td>
</tr>
<tr>
<td style="border: thin solid;">Cisco WAP4410N</td>
<td style="border: thin solid;">Yes</td>
<td style="border: thin solid;">No</td>
</tr>
<tr>
<td colspan="3" style="border: thin solid; text-align: center; vertical-align: middle;"><strong>Unified Communications</strong></td>
</tr>
<tr>
<td style="border: thin solid;">Cisco UC320W</td>
<td style="border: thin solid;">Yes</td>
<td style="border: thin solid;">Yes <sup>(See Note 2)</sup></td>
</tr>
<tr>
<td colspan="3" style="border: thin solid; text-align: center; vertical-align: middle;"><strong>Wireless Routers/VPN/Firewall Devices</strong></td>
</tr>
<tr>
<td style="border: thin solid;">Cisco RV110W</td>
<td style="border: thin solid;">Yes</td>
<td style="border: thin solid;">Yes</td>
</tr>
<tr>
<td style="border: thin solid;">Cisco RV120W</td>
<td style="border: thin solid;">No</td>
<td style="border: thin solid;"></td>
</tr>
</tbody>
</table>

<h2>Internet Key Exchange Resource Exhaustion Attack</h2>
<p>Published: Tue, 18 Oct 2011 14:39:25 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060726-ike">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060726-ike</a></p>
<p>This is a Cisco response to an advisory published by an unaffiliated third party, Roy Hills of NTA Monitor Ltd, posted on July 26, 2006 at <a href="http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html">http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html</a> and entitled "Cisco VPN Concentrator IKE resource exhaustion DoS".</p>
<p>This issue is being tracked by the following Cisco Bug IDs:</p>
<ul>
<li><a href="https://tools.cisco.com/bugsearch/bug/CSCse70811">CSCse70811</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) (Cisco IOS® software)</li>
<li><a href="https://tools.cisco.com/bugsearch/bug/CSCse89808">CSCse89808</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) (Cisco VPN 3000 Concentrators)</li>
<li><a href="https://tools.cisco.com/bugsearch/bug/CSCsb51032">CSCsb51032</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) and <a href="https://tools.cisco.com/bugsearch/bug/CSCsb50996">CSCsb50996</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) (Cisco PIX firewalls running pre-7.x code)</li>
<li><a href="https://tools.cisco.com/bugsearch/bug/CSCse92254">CSCse92254</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) (Cisco PIX firewalls and Cisco ASA appliances running 7.x code)</li>
<li><a href="https://tools.cisco.com/bugsearch/bug/CSCse92527">CSCse92527</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) (Cisco Firewall Services Module [FWSM] for Cisco Catalyst 6500 switches and Cisco 7600 Series routers)</li>
<li><a href="https://tools.cisco.com/bugsearch/bug/CSCse96516">CSCse96516</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) (Cisco SAN-OS on MDS devices)</li>
<li><a href="https://tools.cisco.com/bugsearch/bug/CSCek52553">CSCek52553</a> (<a href="http://tools.cisco.com/RPF/register/register.do">registered</a> customers only) (Cisco IOS XR software)</li>
</ul>
<p>We thank Roy Hills from NTA Monitor Ltd for reporting this issue to Cisco. We greatly appreciate the opportunity to work with researchers on security vulnerabilities, and welcome the opportunity to review and assist in product reports.</p>

<h2>Infected Cisco Information Packet and Warranty CDs</h2>
<p>Published: Wed, 03 Aug 2011 16:00:00 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20110803-cd">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20110803-cd</a></p>
<p>Between December 2010 and August 2011, Cisco shipped warranty CDs that contain a reference to a third-party website known to be a malware repository. When the CD is opened with a web browser, it automatically and without warning accesses this third-party website. Additionally, on computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user.</p>
<p>To the best of our knowledge, from December 2010 until the time of this document's publication on August 3, 2011, customers were never in a position to have their computer compromised by using the CDs provided by Cisco. Additionally, the third-party site in question is currently inactive as a malware repository, so customers are not in immediate danger of having their computers compromised. However, if this third-party website were to become active as a malware repository again, there is a potential that users could infect their operating system by opening the CD with their web browser.</p>
<p>All warranty CDs printed with "Revision -F0" (or later) do not contain references to the third-party website and do not introduce a potential to compromise customers' computers.</p>
<p>This issue was reported to Cisco by William Haisch. Cisco appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports.</p>

<h2>Cisco IOS Software Denial of Service Vulnerabilities</h2>
<p>Published: Tue, 05 Apr 2011 16:00:00 PDT<br />
<a href="http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20110505-ios">http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20110505-ios</a></p>
<p>This is the Cisco PSIRT (Product Security Incident Response Team) response to two postings on BugTraq by NCNIPC (China) regarding reported vulnerabilities in Cisco IOS Software.</p>
<p>The original reports are available at the following links:</p>
<ul>
<li><a href="http://www.securityfocus.com/archive/1/517863" target="_blank">Cisco IOS UDP Denial of Service Vulnerability</a></li>
<li><a href="http://www.securityfocus.com/archive/1/517865/30/0/threaded" target="_blank">Cisco IOS SNMP Message Processing Denial Of Service Vulnerability</a></li>
</ul>
<p>We greatly appreciate the opportunity to work with researchers on security vulnerabilities and welcome the opportunity to review and assist in product reports.</p>