NEW VULNERABILITY: Cisco IronPort Desktop Flag Plug-in for Outlook Send Secure Information Disclosure Vulnerability

Cisco IronPort Desktop Flag Plug-in for Outlook is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Cisco IronPort Desktop Flag Plug-in for Outlook versions 6.2.4.3, up to but not including 6.5.0-006, are vulnerable.

This issue is being tracked by Cisco IronPort bug 65623.

VULNERABILITY REFERENCE

Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com


NEW VULNERABILITY: Cisco Application Control Engine (ACE) HTTP Parsing Security Weakness

Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries.

Attackers can exploit this issue to avoid having client IP addresses logged by servers.

VULNERABILITY REFERENCE

Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com

NEW VULNERABILITIES affecting Cisco.

Cisco IOS For Communication Manager Express SCCP (CVE-2010-0586) Denial of Service Vulnerability

Cisco IOS Multiprotocol Label Switching (MPLS) Malformed Packet Denial of Service Vulnerability

Cisco IOS NAT SCCP Fragmentation Support Denial of Service Vulnerability

Cisco IOS For Communication Manager Express SCCP (CVE-2010-0585) Denial of Service Vulnerability

Cisco IOS SIP Message (CVE-2010-0579) Remote Code Execution Vulnerability

Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com


NEW VULNERABILITIES affecting the vendor Cisco.

1- Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability

A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.

http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmp.shtml

2- Multiple Vulnerabilities in Cisco Digital Media Manager

Multiple vulnerabilities exist in the Cisco Digital Media Manager (DMM). This security advisory outlines details of the following vulnerabilities:

  • Default credentials
  • Privilege escalation vulnerability
  • Information leakage vulnerability

These vulnerabilities are independent of each other. There are no workarounds that can mitigate any of these vulnerabilities.

http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmm.shtml

3- Cisco Unified Communications Manager Denial of Service Vulnerabilities

Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.

To address these vulnerabilities, Cisco has released free software updates for select Cisco Unified Communications Manager versions. There is a workaround for one of the vulnerabilities.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

source: securityfocus.com | cisco.com