+ Cisco Security Advisories +

Cisco Security Advisories (the 40 most recent advisories)
Copyright: © 1992-2009 Cisco Systems, Inc. All rights ...

Last Update: Sun Jun 7 12:27:47 2009

+ CiscoWorks TFTP Directory Traversal Vulnerability + ...

+ Multiple Multicast Vulnerabilities in Cisco IOS Software + Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of ...

+ Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities + Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to ...

+ Vulnerability in Cisco IOS While Processing SSL Packet + A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The ...

+ Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability + A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS ...

+ Cisco IOS MPLS Forwarding Infrastructure Denial of Service Vulnerability + Cisco IOS Software Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) is vulnerable to a Denial of Service (DoS) [...] by this vulnerability. Older Label Forwarding Information Base (LFIB) implementation, which is replaced by MFI, is not affected.

+ Cisco uBR10012 Series Devices SNMP Vulnerability + Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if ...

+ Cisco IOS IPS Denial of Service Vulnerability + The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use ...

+ Cisco IOS NAT Skinny Call Control Protocol Vulnerability + A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network ...

+ Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability + Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel [...] could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected.

+ Cisco IOS Software Firewall Application Inspection Control Vulnerability + Cisco IOS software configured for IOS firewall Application Inspection Control (AIC) with a HTTP configured application-specific policy [...] a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device.

+ Cisco IOS MPLS VPN May Leak Information + Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private [...] Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.

+ Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances + ...

+ Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities + Cisco Unified Communications Manager, formerly Cisco Unified CallManager, contains two denial of service (DoS) vulnerabilities in the ...

+ Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability + A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that can be exploited remotely to ...

+ Cisco IOS Software Multiple Features IP Sockets Vulnerability + A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several ...

+ Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability + Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are [...] UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface.

+ Cisco IOS cTCP Denial of Service Vulnerability + A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers [...] this vulnerability. No workarounds are available; however, the IPSec NAT traversal (NAT-T) feature can be used as an alternative.

+ Cisco IOS Software WebVPN and SSLVPN Vulnerabilities + Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely ...

+ Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities + Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile ...

+ Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability + Cisco IOS? Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) ...

+ Cisco IOS Software Secure Copy Privilege Escalation Vulnerability + The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated [...] the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.

+ Multiple Vulnerabilities in Cisco Wireless LAN Controllers + ...

+ Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability + ...

+ Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine + The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 ...

+ Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability + A denial of service (DoS) vulnerability exists in the Cisco Session Border Controller (SBC) for the Cisco 7600 series routers. Cisco ...

+ Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability + Cisco Unified MeetingPlace Web Conferencing servers may contain an authentication bypass vulnerability that could allow an ...

+ Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities + Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device [...] of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.

+ Cisco Unified Communications Manager CAPF Denial of Service Vulnerability + Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate [...] service. Exploitation of this vulnerability could cause an interruption in voice services. The CAPF service is disabled by default.

+ Cisco Security Manager Vulnerability + Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on [...] and IEV client. An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server.

+ Cisco ONS Platform Crafted Packet Vulnerability + The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH [...] Platform contains a vulnerability when processing TCP traffic streams that may result in a reload of the device control card.

+ IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities + IronPort PXE Encryption is an e-mail encryption solution that is designed to secure e-mail communications without the need for a ...

+ Cisco Global Site Selector Appliances DNS Vulnerability + The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System ...

+ Multiple Vulnerabilities in Cisco PIX and Cisco ASA. + Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. ...

+ Authentication Bypass in Cisco Unity + A vulnerability exists in Cisco Unity that could allow an unauthenticated user to view or modify some of the configuration parameters [...] has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

+ Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks + ...

+ Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA + Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances that may ...

+ Vulnerability in Cisco WebEx Meeting Manager ActiveX Control + An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx Meeting Manager contains a buffer overflow vulnerability that may [...] meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting.

+ Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets + Cisco IOS devices may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, ...

+ Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers + A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) [...] which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.