<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>NaMeX RSS Aggregator</title>
    <link>http://www.namex.it/site/rss/security</link>
    <description>NaMeX RSS Aggregator</description>
    <item>
      <title>Attention: New Cisco Security Advisory RSS Feed Locations</title>
      <link>http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml</link>
      <description>Effective October 18, 2011, Cisco has replaced the existing RSS feeds for Cisco Security Advisories. The new RSS feeds for Cisco Security Advisories are available at http://tools.cisco.com/security/center/psirtrss10/CiscoSecurityAdvisory.xml and http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml.  The existing RSS feeds will continue to function until November 19, 2011.  They will not receive updates after this date.</description>
      <guid>http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml</guid>
    </item>
    <item>
      <title>Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras</title>
      <link>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera</link>
      <description>A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.</description>
      <guid>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera</guid>
    </item>
    <item>
      <title>Cisco Unified Contact Center Express Directory Traversal Vulnerability</title>
      <link>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx</link>
      <description>Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.</description>
      <guid>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx</guid>
    </item>
    <item>
      <title>Cisco Unified Communications Manager Directory Traversal Vulnerability</title>
      <link>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm</link>
      <description>Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem.</description>
      <guid>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm</guid>
    </item>
    <item>
      <title>Buffer Overflow Vulnerabilities in the Cisco WebEx Player</title>
      <link>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex</link>
      <description>Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.</description>
      <guid>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex</guid>
    </item>
    <item>
      <title>Cisco Security Agent Remote Code Execution Vulnerabilities</title>
      <link>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa</link>
      <description>Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In) and are documented in CERT-CC Vulnerability Note VU#520721 at http://www.kb.cert.org/vuls/id/520721</description>
      <guid>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa</guid>
    </item>
    <item>
      <title>Cisco Show and Share Security Vulnerabilities</title>
      <link>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns</link>
      <description>The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities.</description>
      <guid>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns</guid>
    </item>
    <item>
      <title>CiscoWorks Common Services Arbitrary Command Execution Vulnerability</title>
      <link>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs</link>
      <description>CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.</description>
      <guid>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs</guid>
    </item>
    <item>
      <title>Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080b98d0b.html</link>
      <description>A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the HTTP User-Agent header is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote attacker could exploit this vulnerability to perform reflected cross-site scripting attacks.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080b98d0b.html</guid>
    </item>
    <item>
      <title>Cisco IOS Software Smart Install Remote Code Execution Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4f.shtml</link>
      <description>A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4f.shtml</guid>
    </item>
    <item>
      <title>Cisco IOS Software IP Service Level Agreement Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4c.shtml</link>
      <description>The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4c.shtml</guid>
    </item>
    <item>
      <title>Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97900.shtml</link>
      <description>Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97900.shtml</guid>
    </item>
    <item>
      <title>Multiple Vulnerabilities in Cisco Firewall Services Module</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97904.shtml</link>
      <description>The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97904.shtml</guid>
    </item>
    <item>
      <title>Directory Traversal Vulnerability in Cisco Network Admission Control Manager</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97901.shtml</link>
      <description>Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97901.shtml</guid>
    </item>
    <item>
      <title>Cisco Identity Services Engine Database Default Credentials Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml</link>
      <description>Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml</guid>
    </item>
    <item>
      <title>Cisco 10000 Series Denial of Service Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d50.shtml</link>
      <description>The Cisco 10000 Series Router is affected by a denial of service (DoS) vulnerability that can allow an attacker to cause a device reload by sending a series of ICMP packets.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d50.shtml</guid>
    </item>
    <item>
      <title>Cisco IOS Software IPv6 over MPLS Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d52.shtml</link>
      <description>Cisco IOS Software is affected by two vulnerabilities that cause a Cisco IOS device to reload when processing IP version 6 (IPv6) packets over a Multiprotocol Label Switching (MPLS) domain.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d52.shtml</guid>
    </item>
    <item>
      <title>Cisco IOS Software IPv6 Denial of Service Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d59.shtml</link>
      <description>Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d59.shtml</guid>
    </item>
    <item>
      <title>Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml</link>
      <description>Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml</guid>
    </item>
    <item>
      <title>Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d57.shtml</link>
      <description>Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d57.shtml</guid>
    </item>
    <item>
      <title>Cisco IOS Software Data-Link Switching Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4e.shtml</link>
      <description>Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4e.shtml</guid>
    </item>
    <item>
      <title>Cisco IOS Software Network Address Translation Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml</link>
      <description>The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: NetMeeting Directory (Lightweight Directory Access Protocol, LDAP); Session Initiation Protocol (Multiple vulnerabilities); H.323 protocol</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml</guid>
    </item>
    <item>
      <title>Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml</link>
      <description>Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml</guid>
    </item>
    <item>
      <title>Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml</link>
      <description>A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml</guid>
    </item>
    <item>
      <title>CiscoWorks LAN Management Solution Remote Code Execution Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml</link>
      <description>Two vulnerabilities exist in CiscoWorks LAN Management Solution software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml</guid>
    </item>
    <item>
      <title>Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml</link>
      <description>Two vulnerabilities exist in Cisco Unified Service Monitor and Cisco Unified Operations Manager software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml</guid>
    </item>
    <item>
      <title>Apache HTTPd Range Header Denial of Service Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml</link>
      <description>The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml</guid>
    </item>
    <item>
      <title>Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9250c.shtml</link>
      <description>A vulnerability exists in Cisco Nexus 5000 and 3000 Series Switches that may allow traffic to bypass deny statements in access control lists (ACLs) that are configured on the device.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9250c.shtml</guid>
    </item>
    <item>
      <title>Denial of Service Vulnerability in Cisco TelePresence Codecs</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml</link>
      <description>Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs that are running software versions prior to TC4.0.0 or F9.1 contain a vulnerability that could allow an attacker to cause a denial of service.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml</guid>
    </item>
    <item>
      <title>Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml</link>
      <description>Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml</guid>
    </item>
    <item>
      <title>Cisco Unified Communications Manager Denial of Service Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml</link>
      <description>Cisco Unified Communications Manager contains five (5) denial of service (DoS) vulnerabilities.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml</guid>
    </item>
    <item>
      <title>Denial of Service Vulnerabilities in Cisco Intercompany Media Engine</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml</link>
      <description>Two denial of service (DoS) vulnerabilities exist in the Cisco Intercompany Media Engine. An unauthenticated attacker could exploit these vulnerabilities by sending crafted Service Advertisement Framework (SAF) packets to an affected device, which may cause the device to reload.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml</guid>
    </item>
    <item>
      <title>Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml</link>
      <description>Cisco TelePresence Recording Server Software Release 1.7.2.0 includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml</guid>
    </item>
    <item>
      <title>Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml</link>
      <description>Cisco SA 500 Series Security Appliances are affected by two vulnerabilities on their web-based management interface. An attacker must have valid credentials for an affected device to exploit one vulnerability; exploitation of the other does not require authentication. Both vulnerabilities can be exploited over the network. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml</guid>
    </item>
    <item>
      <title>Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b89155.shtml</link>
      <description>Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IP version 4 (IPv4) packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload. Cisco has released a free software maintenance upgrade (SMU) to address this vulnerability. There are no workarounds for this vulnerability.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b89155.shtml</guid>
    </item>
    <item>
      <title>Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml</link>
      <description>The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by multiple vulnerabilities: Arbitrary Program Execution Vulnerability; Local Privilege Escalation Vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for the vulnerabilities described in this advisory.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml</guid>
    </item>
    <item>
      <title>Cisco Content Services Gateway Denial of Service Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b86503.shtml</link>
      <description>A denial of service (DoS) vulnerability exists in the Cisco Content Services Gateway - Second Generation, that runs on the Cisco Service and Application Module for IP (SAMI). An unauthenticated, remote attacker could exploit this vulnerability by sending a series of crafted ICMP packets to an affected device. Exploitation could cause the device to reload. There are no workarounds available to mitigate exploitation of this vulnerability other than blocking ICMP traffic destined to the affected device.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b86503.shtml</guid>
    </item>
    <item>
      <title>Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml</link>
      <description>Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N Wireless-N Gigabit Security Routers have several web interface vulnerabilities that can be exploited by a remote, unauthenticated user.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml</guid>
    </item>
    <item>
      <title>Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml</link>
      <description>Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml</guid>
    </item>
    <item>
      <title>Default Credentials Vulnerability in Cisco Network Registrar</title>
      <link>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80121.shtml</link>
      <description>Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80121.shtml</guid>
    </item>
    <item>
      <title>Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_security_notice09186a00804a7912.html </link>
      <description>This Cisco Security Notice is being released in response to the Cisco VPN Concentrator Group Name Enumeration Vulnerability advisory published on June 20, 2005 by NTA Monitor at http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm.</description>
      <guid>http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_security_notice09186a00804a7912.html </guid>
    </item>
    <item>
      <title>Crafted DNS Packet Can Cause Denial Of Service</title>
      <link>http://www.cisco.com/en/US/products/sw/voicesw/ps5520/products_security_notice09186a0080477104.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/voicesw/ps5520/products_security_notice09186a0080477104.html</guid>
    </item>
    <item>
      <title>Cisco IPsec VPN Implementation Group Password Usage Vulnerability</title>
      <link>http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a0080215981.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a0080215981.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco Clean Access Agent (Perfigo) Bypass</title>
      <link>http://www.cisco.com/en/US/products/ps6128/products_security_notice09186a00804fa82b.html </link>
      <description>This document is provided to simplify access to Cisco responses to possible product security vulnerability issues posted in public forums for Cisco customers. This does not imply that Cisco perceives each of these issues as an actual product security vulnerability. This notice is provided on an "as is" basis and does not imply any kind of guarantee or warranty. Your use of the information on the page or materials linked from this page is at your own risk. Cisco reserves the right to change or update this page without notice at any time.</description>
      <guid>http://www.cisco.com/en/US/products/ps6128/products_security_notice09186a00804fa82b.html </guid>
    </item>
    <item>
      <title>CSS SSL Authentication Bypass</title>
      <link>http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_security_notice09186a0080512ff7.html</link>
      <description>The Cisco CSS 11500 Series Content Services Switches (CSS) running Secure Socket Layer (SSL) has a vulnerability that may allow a user to bypass SSL authentication and access protected content. Cisco has made free software available to address this vulnerability.</description>
      <guid>http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_security_notice09186a0080512ff7.html</guid>
    </item>
    <item>
      <title>ZOTOB and WORM_RBOT.CBQ Mitigation Recommendations</title>
      <link>http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00804f51de.html </link>
      <description>Cisco customers are currently experiencing attacks due to new worms and bots that are active on the Internet. The signature of these worms and bots appears as TCP traffic to port 445 as well as traffic to several secondary TCP ports depending on the variant of the worm. Affected customers have been experiencing high volumes of traffic from both internal and external systems. Symptoms on Cisco devices include, but are not limited to, high CPU and traffic drops on the input interfaces. This document focuses on both mitigation techniques and affected Cisco products that need software supplied by Cisco to patch properly.</description>
      <guid>http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00804f51de.html </guid>
    </item>
    <item>
      <title>Response to Full-Disclosure - Potential Denial of Service Bug in Cisco Pix Firewall IOS 6.2.2 and 6.3.(3.102)</title>
      <link>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a008024d9ca.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a008024d9ca.html</guid>
    </item>
    <item>
      <title>Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access</title>
      <link>http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml</link>
      <description>This Cisco Security Notice is being released in response to the Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access advisory published on June 8, 2005 by FishNet Security at http://www.fishnetsecurity.com/csirt/disclosure/cisco/.</description>
      <guid>http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml</guid>
    </item>
    <item>
      <title>Vulnerability in a Variant of the TCP Timestamps Option</title>
      <link>http://www.cisco.com/en/US/products/hw/ps4159/ps2160/products_security_notice09186a008046f502.html </link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/ps4159/ps2160/products_security_notice09186a008046f502.html </guid>
    </item>
    <item>
      <title>W32.BLASTER Worm Mitigation Recommendations</title>
      <link>http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00801aedd6.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00801aedd6.html</guid>
    </item>
    <item>
      <title>Cisco Internet Key Exchange Issue *Updated on 19-Jul-2004</title>
      <link>http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a008016b57f.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a008016b57f.html</guid>
    </item>
    <item>
      <title>Dictionary Attack on Cisco LEAP Vulnerability</title>
      <link>http://www.cisco.com/en/US/tech/tk722/tk809/technologies_security_notice09186a00801aa80f.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/tech/tk722/tk809/technologies_security_notice09186a00801aa80f.html</guid>
    </item>
    <item>
      <title>Alleged Bypassing Access Control List in Cisco IOS</title>
      <link>http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_security_notice09186a008022fa2c.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_security_notice09186a008022fa2c.html</guid>
    </item>
    <item>
      <title>Exploit for Multiple Cisco Vulnerabilities *Updated on 07-May-2004 0930 PDT</title>
      <link>http://www.cisco.com/en/US/products/hw/routers/ps295/products_security_notice09186a008020ce3f.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/routers/ps295/products_security_notice09186a008020ce3f.html</guid>
    </item>
    <item>
      <title>Cisco Nachi Worm Mitigation Recommendations *Updated on 14-Oct-2003</title>
      <link>http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00801b143a.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00801b143a.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco 6509 Switch Telnet Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/hw/switches/ps708/products_security_notice09186a008024d9e6.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/switches/ps708/products_security_notice09186a008024d9e6.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - PIX Denial of Service</title>
      <link>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a00802641d4.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a00802641d4.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco CSS11000 Series DoS</title>
      <link>http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_security_notice09186a008024da37.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_security_notice09186a008024da37.html</guid>
    </item>
    <item>
      <title>Data Leak in UDP Echo Service</title>
      <link>http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_security_notice09186a00801aa0cc.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_security_notice09186a00801aa0cc.html</guid>
    </item>
    <item>
      <title>Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software</title>
      <link>http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_security_notice09186a00801a97e1.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_security_notice09186a00801a97e1.html</guid>
    </item>
    <item>
      <title>Enumerating Locally Defined Users in Cisco IOS</title>
      <link>http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_security_notice09186a00801a6c01.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_security_notice09186a00801a6c01.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco VPN Client can be used to Gain Local Administrator Rights (All Versions, Patched or Otherwise)</title>
      <link>http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_security_notice09186a008024da54.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_security_notice09186a008024da54.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco ACL Bug when using VPN Crypto Engine Accelerator, PPPoE Dialer or IP Route-Cache</title>
      <link>http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_security_notice09186a008024daec.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_security_notice09186a008024daec.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco Systems VPN Client Allows Local Login with Elevated Privileges</title>
      <link>http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_security_notice09186a008024da6f.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_security_notice09186a008024da6f.html</guid>
    </item>
    <item>
      <title>Cisco EIGRP Issue</title>
      <link>http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco as5350 Crashes with nmap Connect Scan</title>
      <link>http://www.cisco.com/en/US/products/hw/univgate/ps501/products_security_notice09186a008024dba2.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/univgate/ps501/products_security_notice09186a008024dba2.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco SCA 11000 Series Secure Content Accelerator OpenSSL Issue</title>
      <link>http://www.cisco.com/en/US/products/hw/contnetw/ps2083/products_security_notice09186a008024dbaf.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/contnetw/ps2083/products_security_notice09186a008024dbaf.html</guid>
    </item>
    <item>
      <title>The Trivial Cisco IP Phones Compromise</title>
      <link>http://www.cisco.com/en/US/products/hw/phones/ps379/products_security_notice09186a00800e251b.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/phones/ps379/products_security_notice09186a00800e251b.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - VPN 3000 Gateway MTU Overflow</title>
      <link>http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_security_notice09186a008024dbbe.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_security_notice09186a008024dbbe.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Weak Cisco PIX Enable Password Encryption Algorithm</title>
      <link>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a00800a7ae6.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a00800a7ae6.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco Secure ACS Cross Site Scripting Issue</title>
      <link>http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_security_notice09186a008026434d.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_security_notice09186a008026434d.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco IOS Software - Three Possible DoS Attacks</title>
      <link>http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_security_notice09186a008026d9aa.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_security_notice09186a008026d9aa.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Cisco IOS Software and ICMP Redirect Issue</title>
      <link>http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_security_notice09186a008026433b.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_security_notice09186a008026433b.html</guid>
    </item>
    <item>
      <title>CDP Issue</title>
      <link>http://www.cisco.com/en/US/tech/tk962/technologies_security_notice09186a0080093ef0.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/tech/tk962/technologies_security_notice09186a0080093ef0.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - HSRP Issues</title>
      <link>http://www.cisco.com/en/US/tech/tk648/tk362/technologies_security_notice09186a008026d960.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/tech/tk648/tk362/technologies_security_notice09186a008026d960.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - NTP Issue</title>
      <link>http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_security_notice09186a008026410b.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_security_notice09186a008026410b.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - PIX Security Notes</title>
      <link>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - Catalyst 3500 Issue</title>
      <link>http://www.cisco.com/en/US/products/hw/switches/ps637/products_security_notice09186a008026408a.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/switches/ps637/products_security_notice09186a008026408a.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - TACACS  Vulnerability</title>
      <link>http://www.cisco.com/en/US/tech/tk59/technologies_security_notice09186a0080264060.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/tech/tk59/technologies_security_notice09186a0080264060.html</guid>
    </item>
    <item>
      <title>Response to BugTraq - show Command Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/hw/routers/ps274/products_security_notice09186a0080264595.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/hw/routers/ps274/products_security_notice09186a0080264595.html</guid>
    </item>
    <item>
      <title>Attention: New Cisco Security Response RSS Feed Locations</title>
      <link>http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityResponse.xml</link>
      <description>Effective October 18, 2011, Cisco has replaced the existing RSS feeds for Cisco Security Responses. The new RSS feeds for Cisco Security Responses are available at http://tools.cisco.com/security/center/psirtrss10/CiscoSecurityResponse.xml and http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityResponse.xml.  The existing RSS feeds will continue to function until November 19, 2011.  They will not receive updates after this date.</description>
      <guid>http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityResponse.xml</guid>
    </item>
    <item>
      <title>Infected Cisco Information Packet and Warranty CDs</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080b8b122.html</link>
      <description>In the period of December 2010 until August 2011, Cisco shipped warranty CDs that contain a reference to a third-party website known to be a malware repository. When the CD is opened with a web browser, it automatically and without warning accesses this third-party website. Additionally, on computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080b8b122.html</guid>
    </item>
    <item>
      <title>Cisco IOS Software Denial of Service Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080b7b502.html</link>
      <description>This is the Cisco PSIRT (Product Security Incident Response Team) response to two postings on BugTraq by NCNIPC (China) regarding reported vulnerabilities in Cisco IOS Software.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080b7b502.html</guid>
    </item>
    <item>
      <title>Rootkits on Cisco IOS Devices</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080997783.html</link>
      <description>Updated Cisco IOS hashes file is available. This is the Cisco PSIRT response to an issue to be disclosed at the EUSecWest security conference on May 22nd, 2008 by Mr. Sebastian Muniz of Core Security Technologies.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080997783.html</guid>
    </item>
    <item>
      <title>Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html</link>
      <description>This Cisco Security Response is an updated version of an original Cisco Security Notice, in response to the Cisco VPN Concentrator Group Name Enumeration Vulnerability advisory published on June 20, 2005, by NTA Monitor. Update to summary.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html</guid>
    </item>
    <item>
      <title>Multiple Vulnerabilities in Cisco Unified Videoconferencing Products</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html</link>
      <description>This is the Cisco Product Security Incident Response Team (PSIRT) response to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products. Several of the vulnerabilities also impact Cisco Unified Videoconferencing 5200 and 3500 Series Products.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html</guid>
    </item>
    <item>
      <title>Cisco Unified MeetingPlace XSS Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a008089969e.html</link>
      <description>This is the Cisco PSIRT response to an issue discovered and reported to Cisco by Roger Jefferiss and Rob Pope of SecureTest Ltd, UK regarding cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a008089969e.html</guid>
    </item>
    <item>
      <title>Cisco Unified MeetingPlace XSS Vulnerability (November 2007)</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00808f0b8f.html</link>
      <description>This is the Cisco PSIRT response to an issue that was discovered and reported to Cisco by Joren McReynolds regarding a cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00808f0b8f.html</guid>
    </item>
    <item>
      <title>Cisco IronPort Desktop Flag Plug-in for Outlook Information Disclosure</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080b2c505.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080b2c505.html</guid>
    </item>
    <item>
      <title>Unmatched Request Discloses Client Internal IP Address</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.html</link>
      <description>This is the Cisco PSIRT response to the statements made by Alejandro Hernandez H. in his advisory: "Cisco ACE XML Gateway &lt;= 6.0 Internal IP disclosure".</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.html</guid>
    </item>
    <item>
      <title>Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html</guid>
    </item>
    <item>
      <title>Cisco IOS Cross-Site Scripting Vulnerabilities</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html</link>
      <description>Two separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities have been reported to Cisco by two independent researchers.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html</guid>
    </item>
    <item>
      <title>Cisco IP Phone 7940/7960 SIP INVITE Denial of Service</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00808075ad.html</link>
      <description>This is Cisco PSIRT's response to the statements made by Radu State in his message titled: CISCO Phone 7940 DOS vulnerability posted on 2007 March 20 0630 UTC (GMT). The original email is available at: http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053070.html Cisco has confirmed the findings of the statements made. Cisco IP Phone 7940/7960 SIP firmware version 7.4(0) is vulnerable to the denial of service. Firmware version 8.6(0) is not vulnerable to this issue. The latest firmware images for Cisco IP 7940/7960 phones can be obtained here: http://www.cisco.com/cgi-bin/tablebuild.pl/sip-ip-phone7960 We would like to thank Radu State, Humberto J. Abdelnur and Olivier Festor of the Madynes research team at INRIA for reporting these issues to Cisco Systems. We greatly appreciate the opportunity to work with researchers on security vulnerabilities, and welcome the opportunity to review and assist in product reports.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00808075ad.html</guid>
    </item>
    <item>
      <title>Cisco Unified MeetingPlace Stored Cross-Site Scripting Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html</link>
      <description>This is the Cisco PSIRT response to an issue discovered and reported to Cisco by the National Australia Bank Security Assurance team regarding a cross-site scripting vulnerability in Cisco Unified MeetingPlace Web Conferencing.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html</guid>
    </item>
    <item>
      <title>MD5 Hashes May Allow for Certificate Spoofing</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html</link>
      <description>This is the Cisco response to research done by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger pertaining to MD5 collisions in certificates issued by vulnerable certificate authorities.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html</guid>
    </item>
    <item>
      <title>Cisco Response to TKIP Encryption Weakness</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080a30036.html</link>
      <description></description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080a30036.html</guid>
    </item>
    <item>
      <title>Cisco VLAN Trunking Protocol Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080a231cf.html</link>
      <description>This is the Cisco response to research done by 'showrun.lee' pertaining to a crafted VTP packet denial of service vulnerability.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080a231cf.html</guid>
    </item>
    <item>
      <title>VoIPshield Reported Vulnerabilities in Cisco Unity Server</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html</link>
      <description>This is the Cisco PSIRT response to the vulnerabilities in Cisco Unity by VoIPshield, in their recent advisories (VSRCS-2008-008 to VSRCS-2008-012). The original advisories are available at: www.voipshield.com.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html</guid>
    </item>
    <item>
      <title>Cisco Secure ACS Denial Of Service Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00809f140b.html</link>
      <description>This is the Cisco PSIRT response to the statements made by Laurent Butti and Gabriel Campana of Orange Labs / France Telecom Group, in their advisory: "Cisco Secure ACS EAP Parsing Vulnerability". The original advisory is available at: http://www.securityfocus.com/archive/1/495937/30/0/threaded</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00809f140b.html</guid>
    </item>
    <item>
      <title>Internet Key Exchange Resource Exhaustion Attack</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00806f33d4.html</link>
      <description>This is a Cisco PSIRT response to an advisory published by an unaffiliated third party, Roy Hills, of NTA Monitor Ltd posted as of July 26, 2006 at http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html, and entitled: Cisco VPN Concentrator IKE resource exhaustion DoS.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00806f33d4.html</guid>
    </item>
    <item>
      <title>Vulnerability in Java Secure Socket Extension</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html</link>
      <description>This is the Cisco PSIRT response to the vulnerability in Java Secure Socket Extension (JSSE) disclosed by Sun Microsystems on July 10, 2007, the details of which are available at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html</guid>
    </item>
    <item>
      <title>Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html</link>
      <description>This is the Cisco PSIRT response to a security advisory regarding a vulnerability in Common UNIX Printing System (CUPS). The CUPS security advisory can be found at http://www.cups.org/str.php?L2561.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00809a1f11.html</guid>
    </item>
    <item>
      <title>Catalyst 6500 and Cisco 7600 Series Devices Accessible via Loopback Address</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00808ca009.html</link>
      <description>This document is the Cisco PSIRT response to an issue regarding Cisco Catalyst 6500 and Cisco 7600 series devices that was discovered and reported to Cisco by Lee E. Rian.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00808ca009.html</guid>
    </item>
    <item>
      <title>CiscoWorks Server XSS Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a008090a498.html</link>
      <description>This is the Cisco PSIRT response to an issue that was discovered and reported to Cisco by David Lewis of Liquidmatrix.org regarding a cross-site scripting (XSS) vulnerability in CiscoWorks Server login page.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a008090a498.html</guid>
    </item>
    <item>
      <title>Extensible Authentication Protocol Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00808de8bb.html</link>
      <description>This is the Cisco PSIRT response to a presentation that was delivered by Laurent Butti, Julien Tinnhs and Franck Veysset of France Telecom Group at Hack.lu on October 19th, 2007.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00808de8bb.html</guid>
    </item>
    <item>
      <title>Cisco Unified IP Phone Remote Eavesdropping</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html</link>
      <description>This is the Cisco PSIRT response to a presentation given at the Hack.Lu 2007 security conference by Joffery Czarny of Telindus regarding a technique to remotely eavesdrop using Cisco Unified IP Phones.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html</guid>
    </item>
    <item>
      <title>Cisco IOS Line Printer Daemon (LPD) Protocol Stack Overflow</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00808d72e3.html</link>
      <description>This is the Cisco Product Security Incident Response Team (PSIRT) response to an issue discovered and reported to Cisco by Andy Davis from IRM, Plc. regarding a stack overflow in the Cisco IOS Line Printer Daemon (LPD) Protocol feature. The original post is available at the following link:</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00808d72e3.html</guid>
    </item>
    <item>
      <title>Cisco IOS Reload on Regular Expression Processing</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00808bb91c.html</link>
      <description>This is the Cisco Product Security Incident Response Team (PSIRT) response to a vulnerability that was reported on the Cisco NSP mailing list on August 17, 2007 regarding the crash and reload of devices running Cisco IOS after executing a command that uses, either directly or indirectly, a regular expression.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00808bb91c.html</guid>
    </item>
    <item>
      <title>VTY Authentication Bypass Vulnerability</title>
      <link>http://www.cisco.com/warp/customer/707/cisco-sr-20070829-vty.shtml</link>
      <description>This is the Cisco PSIRT response to the NileSOFT Security Advisory entitled "Bypass Authentication Vulnerability on Cisco Catalyst 3750 12.2(25)" posted on August 29th, 2007, at 1800 UTC (GMT).</description>
      <guid>http://www.cisco.com/warp/customer/707/cisco-sr-20070829-vty.shtml</guid>
    </item>
    <item>
      <title>Multiple SIP Vulnerabilities in the Cisco 7960 IP Phones</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00808a6693.html</link>
      <description>This is the Cisco PSIRT response to an issue discovered and reported to Cisco by Radu State, Humberto J. Abdelnur and Oliver Festor regarding two Session Initiation Protocol (SIP) vulnerabilities in the Cisco 7940/7960 IP Phones.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00808a6693.html</guid>
    </item>
    <item>
      <title>Multiple Vulnerabilities in OpenSSL Library</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a008077af1b.html</link>
      <description>This is the Cisco PSIRT response to the multiple security advisories published by The OpenSSL Project. The vulnerabilities are as follows: RSA Signature Forgery (CVE-2006-4339), described in http://www.openssl.org/news/secadv_20060905.txt; ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940), described in http://www.openssl.org/news/secadv_20060928.txt; SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738), also in http://www.openssl.org/news/secadv_20060928.txt; SSLv2 Client Crash (CVE-2006-4343), also in http://www.openssl.org/news/secadv_20060928.txt</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a008077af1b.html</guid>
    </item>
    <item>
      <title>Cisco Trust Agent - Mac OS X Privilege Escalation Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a008085d645.html</link>
      <description>This is the Cisco PSIRT response to an issue discovered and reported to Cisco by Adam Blake of Deloitte, UK regarding a vulnerability in Cisco Trust Agent (CTA) installations on Mac OS X. The original report is available at the following link: http://www.securityfocus.com/archive/1/471041/30/0/flat.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a008085d645.html</guid>
    </item>
    <item>
      <title>Cisco CallManager Input Validation Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html</link>
      <description>This is Cisco PSIRT's response to the statements made by Marc Ruef and Stefan Friedi from scip AG in their message "Cisco CallManager 4.1 Input Validation Vulnerability," posted on 2007 May 23 at 1600 UTC (GMT).</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html</guid>
    </item>
    <item>
      <title>HTTP Full-Width and Half-Width Unicode Encoding Evasion</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a008083f82e.html</link>
      <description>The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link: http://www.kb.cert.org/vuls/id/739224</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a008083f82e.html</guid>
    </item>
    <item>
      <title>DHCP Relay Agent Vulnerability in Cisco PIX and ASA Appliances</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html</link>
      <description>This is a Cisco response to a CERT/CC advisory posted on May 2, 2007, entitled "Cisco ASA fails to properly process DHCP relay packets".</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html</guid>
    </item>
    <item>
      <title>PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html</link>
      <description>This is a response to a Hardened-PHP Project advisory posted on November 3, 2006, entitled "PHP HTML Entity Encoder Heap Overflow Vulnerability."</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html</guid>
    </item>
    <item>
      <title>Cross-Site Scripting Vulnerability in Online Help System</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html</link>
      <description>A cross-site scripting (XSS) vulnerability in the online help system distributed with several Cisco products has been independently reported to Cisco by Erwin Paternotte from Fox-IT and by Cassio Goldschmidt. The vulnerability would allow an attacker to execute arbitrary scripting code in a user's web browser if the attacker is successful in enticing the user to follow a specially crafted, malicious URL.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html</guid>
    </item>
    <item>
      <title>NACATTACK Presentation</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html</link>
      <description>This is Cisco PSIRT's response to the "NACATTACK" presentation by Dror-John Roecher and Michael Thumann, presented at Blackhat Europe on March 30th, 2007.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html</guid>
    </item>
    <item>
      <title>Cisco VTP Vulnerability</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html</link>
      <description>An issue has been reported to the Cisco PSIRT involving malformed VLAN Trunking Protocol (VTP) packets. This attack may cause the target device to reload, causing a Denial of Service (DoS).</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html</guid>
    </item>
    <item>
      <title>Potential Exploitation of Default Administrative Credentials</title>
      <link>http://www.cisco.com/en/US/products/products_security_response09186a00807e3946.html</link>
      <description>This is a response to a Symantec published research paper posted on their website at http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html and http://www.symantec.com/avcenter/reference/Driveby_Pharming.pdf, and entitled 'Drive-by Pharming'. In particular, this response focuses on the information in the Symantec paper, as relevant to certain of Cisco's non-consumer products. These products are specified in the 'Cisco Routers Impacted' section below.</description>
      <guid>http://www.cisco.com/en/US/products/products_security_response09186a00807e3946.html</guid>
    </item>
  </channel>
</rss>

