Posts tagged ‘cisco vulnerability’

Cisco IronPort Desktop Flag Plug-in for Outlook is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Cisco IronPort Desktop Flag Plug-in for Outlook versions 6.2.4.3, up to but not including 6.5.0-006, are vulnerable.

This issue is being tracked by Cisco IronPort bug 65623.

VULNERABILITY REFERENCE

At Vulnerability Team, we urge users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com


Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries.

Attackers can exploit this issue to avoid having client IP addresses logged by servers.

VULNERABILITY REFERENCE

At Vulnerability Team, we urge users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com

Cisco IOS For Communication Manager Express SCCP (CVE-2010-0586) Denial of Service Vulnerability

Cisco IOS Multiprotocol Label Switching (MPLS) Malformed Packet Denial of Service Vulnerability

Cisco IOS NAT SCCP Fragmentation Support Denial of Service Vulnerability

Cisco IOS For Communication Manager Express SCCP (CVE-2010-0585) Denial of Service Vulnerability

Cisco IOS SIP Message (CVE-2010-0579) Remote Code Execution Vulnerability

At Vulnerability Team, we urge users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com


1- Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability

A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.

http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmp.shtml

2- Multiple Vulnerabilities in Cisco Digital Media Manager

Multiple vulnerabilities exist in the Cisco Digital Media Manager (DMM). This security advisory outlines details of the following vulnerabilities:

  • Default credentials
  • Privilege escalation vulnerability
  • Information leakage vulnerability

These vulnerabilities are independent of each other. There are no workarounds that can mitigate any of these vulnerabilities.

http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmm.shtml

3- Cisco Unified Communications Manager Denial of Service Vulnerabilities

Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.

To address these vulnerabilities, Cisco has released free software updates for select Cisco Unified Communications Manager versions. There is a workaround for one of the vulnerabilities.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

At Vulnerability Team, we urge users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com | cisco.com


Cisco IOS and CatOS are prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users.

This issue is being tracked by Cisco Bug IDs CSCsv05934 and CSCsv11741.

source: securityfocus

VULNERABILITY REFERENCE

cisco