Cisco announced multiple security advisories

Last week, Cisco announced more security advisories regarding multiple possible vulnerabilities for range of it’s product. I will post here just a short summary about this advisories and provide you with the links to the full descriptions of the possible problems:

October 14, 2009 – Cisco Unified Presence Denial of Service Vulnerabilities

Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. These vulnerabilities were discovered internally by Cisco, and there are no workarounds.

Cisco has released free software updates that address these vulnerabilities.

Read more…

October 15, 2009 – Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities:

Malformed HTTP or HTTPS authentication response denial of service vulnerability
SSH connections denial of service vulnerability
Crafted HTTP or HTTPS request denial of service vulnerability
Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability
Cisco has released free software updates that address these vulnerabilities.

Read more…

October 19, 2009 – Cisco IOS Software Tunnels Vulnerability

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

Read more…

October 15, 2009 – Cisco IOS Software Authentication Proxy Vulnerability

Cisco IOSĀ® Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.

Cisco has released free software updates that address this vulnerability.

There are no workarounds that mitigate this vulnerability.

Read more…

October 19, 2009 – Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability

Cisco IOSĀ® devices that are configured for Internet Key Exchange (IKE) protocol and certificate based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this vulnerability may result in the allocation of all available Phase 1 security associations (SA) and prevent the establishment of new IPsec sessions.

Cisco has released free software updates that address this vulnerability.

Read more…

Published by

Calin

Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

Any opinion on this post? Please let me know:

This site uses Akismet to reduce spam. Learn how your comment data is processed.