
Cisco Vulnerabilities

Discussion in 'Networking' started by eddie5659, Jan 27, 2005.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Hiya

    I'm going to be updating this one, as I have a few vulnerabilities from Bugtraq, but still at work :(

    Multiple Crafted IPv6 Packets Cause Reload

    Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial
    of Service (DoS) attack from crafted IPv6 packets when the device has been
    configured to process IPv6 traffic. This vulnerability requires multiple
    crafted packets to be sent to the device which may result in a reload upon
    successful exploitation.

    Affected Products
    =================

    Vulnerable Products

    Only the Cisco devices running IOS and configured for IPv6 are affected. A
    router will display all IPv6 enabled interfaces with the show ipv6 interface
    command.

    An empty output or an error message will be displayed if IPv6 is disabled or
    unsupported on the system. In this case the system is not vulnerable.

    Sample output of show ipv6 interface command is shown below for a system
    configured for IPv6.

    Router#show ipv6 interface
    Serial1/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00: D200
    Global unicast address(es):
    2001:1:33::3, subnet is 2001:1:33::/64 [TENTATIVE]
    Joined group address(es):
    FF02::1
    FF02::1:FF00:3
    FF02::1:FF00: D200
    MTU is 1500 bytes
    ICMP error messages limited to one every 100 milliseconds
    ICMP redirects are enabled
    ND DAD is enabled, number of DAD attempts: 1
    ND reachable time is 30000 milliseconds
    Router#


    A router that has IPv6 enabled on a physical or logical interface is vulnerable
    to this issue even if ipv6 unicast-routing is globally disabled. The show ipv6
    interface command can be used to determine whether IPv6 is enabled on any
    interface.


    Please note that the D200 parts in the above have been given a space; otherwise a smiley face would be there :D

    http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml

    Regards

    eddie
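
The check described in the post above, as an added example that is not part of the original thread or of Cisco's advisory: a Python parser for captured `show ipv6 interface` output that lists the interfaces reporting IPv6 enabled and treats empty output or an error message as not affected. The sample text is constructed from the output quoted above (second interface made up), and the function names are assumptions.

```python
import re

# Constructed sample modeled on the output quoted in the post
# (the space inserted in "FE00: D200" is removed; FastEthernet0/0 is made up).
SAMPLE = """\
Router#show ipv6 interface
Serial1/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:D200
  Global unicast address(es):
    2001:1:33::3, subnet is 2001:1:33::/64 [TENTATIVE]
  Joined group address(es):
    FF02::1
  MTU is 1500 bytes
FastEthernet0/0 is administratively down, line protocol is down
  IPv6 is enabled, link-local address is FE80::1
  MTU is 1500 bytes
Router#
"""

# Interface header line: "<name> is <state>, line protocol is <state>"
HEADER = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)$")
LINK_LOCAL = re.compile(r"link-local address is (\S+)")


def ipv6_enabled_interfaces(output):
    """Return {interface: link-local address} for interfaces reporting IPv6 enabled."""
    enabled = {}
    current = None
    for raw in output.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1)
        elif current and line.startswith("IPv6 is enabled"):
            found = LINK_LOCAL.search(line)
            enabled[current] = found.group(1) if found else None
    return enabled


def needs_review(output):
    """Empty output or an error message yields no interfaces: not affected."""
    return bool(ipv6_enabled_interfaces(output))


if __name__ == "__main__":
    for name, addr in ipv6_enabled_interfaces(SAMPLE).items():
        print(f"{name}: IPv6 enabled (link-local {addr})")
```

An interface counts here even when it is administratively down, since the post's criterion is only whether IPv6 is enabled on it.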
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    A Cisco device running IOS® and enabled for the Border Gateway Protocol
    (BGP) is vulnerable to a Denial of Service (DoS) attack from a
    malformed BGP packet. Only devices with the command bgp
    log-neighbor-changes configured are vulnerable. The BGP protocol is not
    enabled by default, and must be configured in order to accept traffic
    from an explicitly defined peer. Unless the malicious traffic appears
    to be sourced from a configured, trusted peer, it would be difficult to
    inject a malformed packet.


    Affected Products
    =================


    This vulnerability is present in any unfixed version of Cisco IOS, from
    the beginning of support for the BGP protocol, including versions 9.x,
    10.x, 11.x and 12.x. This issue affects all Cisco devices configured
    for BGP routing and running the bgp log-neighbor-changes command, which
    is on by default starting with releases 12.0(22)S, 12.0(11)ST, 12.1(10)
    E, 12.1(10) and later software.


    http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml

    eddie
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Cisco Routers running Internetwork Operating System (IOS) that supports Multi
    Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS)
    attack on MPLS disabled interfaces. A system that supports MPLS is vulnerable
    even if that system is not configured for MPLS.

    Affected Products
    =================

    Vulnerable Products

    Only the following products running a vulnerable version of IOS that support
    MPLS are affected.

    * 2600 and 2800 series routers
    * 3600, 3700 and 3800 series routers
    * 4500 and 4700 series routers
    * 5300, 5350 and 5400 series Access Servers


    http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml

    eddie
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Cisco IP/VC is an IP-based network videoconferencing device. Cisco IP/VC models 3510, 3520, 3525, and 3530 have a default Simple Network Management Protocol (SNMP) community string. A remote attacker, with knowledge of the community string, could gain unauthorized access to the videoconferencing device.


    Platforms Affected:

    Cisco Systems, Inc.: Cisco IP/VC 3510-MCU
    Cisco Systems, Inc.: Cisco IP/VC 3520-GW-2B
    Cisco Systems, Inc.: Cisco IP/VC 3520-GW-2B2V
    Cisco Systems, Inc.: Cisco IP/VC 3520-GW-2V
    Cisco Systems, Inc.: Cisco IP/VC 3520-GW-4B
    Cisco Systems, Inc.: Cisco IP/VC 3520-GW-4V
    Cisco Systems, Inc.: Cisco IP/VC 3525-GW-1P
    Cisco Systems, Inc.: Cisco IP/VC 3530-VTA


    http://xforce.iss.net/xforce/xfdb/19196

    Regards

    eddie
     
  5. hermes

    hermes

    Joined:
    Aug 12, 2000
    Messages:
    642
    12.3.6 and later seems to be the answer
     
  6. hermes

    hermes

    Joined:
    Aug 12, 2000
    Messages:
    642
    Sorry, make that 12.3.8T or upwards
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Thanks hermes :)

    eddie
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    The Cisco VPN 3000 series concentrators are a family of purpose-built, remote access Virtual Private Network (VPN) platforms for data encryption and authentication.
    A malicious user may be able to send a crafted attack via SSL (Secure Sockets Layer) to the concentrators which may cause the device to reload, and/or drop user connections.
    Repeated exploitation will create a sustained DoS (denial of service).
    Workarounds are available to mitigate this vulnerability.
    Cisco has made free software available to address this vulnerability for all affected customers.

    Vulnerable Products
    Cisco VPN 3000 series concentrators running software 4.1.7.A and earlier are affected by this vulnerability.

    This series includes models 3005, 3015, 3020, 3030, 3060, 3080 and the Cisco VPN 3002 Hardware Client.



    http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml

    eddie
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key
    Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

    Successful exploitation of these vulnerabilities may permit an unauthorized
    user to complete authentication and potentially access network resources.

    http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

    Regards

    eddie
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Certain release trains of Cisco Internetwork Operating System (IOS),
    when configured to use the IOS Secure Shell (SSH) server in combination
    with Terminal Access Controller Access Control System Plus (TACACS+) as
    a means to perform remote management tasks on IOS devices, may contain
    two vulnerabilities that can potentially cause IOS devices to exhaust
    resources and reload. Repeated exploitation of these vulnerabilities
    can result in a Denial of Service (DoS) condition. Use of SSH with
    Remote Authentication Dial In User Service (RADIUS) is not affected by
    these vulnerabilities.


    Vulnerable Products
    +------------------

    These issues affect any Cisco device running an unfixed version of
    Cisco IOS that supports, and is configured to use, the SSH server
    functionality.


    http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml

    Regards

    eddie
     
  11. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed.


    Vulnerable Products

    Cisco CallManager 3.2 and earlier
    Cisco CallManager 3.3, versions earlier than 3.3(5)
    Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2b
    Cisco CallManager 4.1, versions earlier than 4.1(3)SR1


    http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml

    Regards

    eddie
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    The Cisco ONS 15216 OADM (Optical Add/Drop Multiplexer) contains a vulnerability in the handling of telnet sessions that can cause a denial-of-service condition in the management plane. Traffic going through the Cisco ONS 15216 OADM (i.e. transit traffic) is not affected when the management plane is under a denial-of-service condition. However, clearing the denial-of-service condition on the management plane requires resetting the device, which impacts transit traffic.


    Vulnerable Products

    Only the Cisco ONS 15216 OADM running software release 2.2.2 and earlier is affected by the vulnerability described in this advisory.



    http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml

    Regards

    eddie
     
  13. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Cisco Internetwork Operating System (IOS®) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.


    Vulnerable Products

    This issue affects all Cisco devices running any unfixed version of Cisco IOS
    code that supports, and is configured for, IPv6. A device which supports IPv6
    must have the interfaces specifically disabled to not be affected. IPv6 must be
    completely disabled using both the command no ipv6 address and no ipv6 enable
    on each interface.


    http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml

    Regards

    eddie
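
An offline audit for the condition in the post above, as an added example that is not part of the original thread or of Cisco's advisory: it walks the interface stanzas of a saved IOS configuration and reports every interface that still carries an `ipv6 address` or `ipv6 enable` line, which is what the two `no` commands remove. The configuration fragment, interface names and addresses are constructed, and the function names are assumptions.

```python
# Constructed configuration fragment; names and addresses are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ipv6 address 2001:DB8:1::1/64
!
interface FastEthernet0/1
 ip address 192.0.2.129 255.255.255.128
 no ipv6 address
 no ipv6 enable
!
interface Serial1/0
 no ip address
 ipv6 enable
!
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
"""


def audit_ipv6(config):
    """Map each interface to the config lines that leave IPv6 enabled on it."""
    findings = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            findings[current] = []
        elif raw.startswith(" ") and current:
            line = raw.strip()
            # Negated forms start with "no " and are therefore not matched.
            if line == "ipv6 enable" or line.startswith("ipv6 address"):
                findings[current].append(line)
        else:
            current = None  # "!" or a top-level command ends the stanza
    return findings


def interfaces_needing_change(config):
    """Interfaces where at least one IPv6-enabling line is still present."""
    return sorted(n for n, lines in audit_ipv6(config).items() if lines)


if __name__ == "__main__":
    for name in interfaces_needing_change(SAMPLE_CONFIG):
        print(f"{name}: {', '.join(audit_ipv6(SAMPLE_CONFIG)[name])}")
```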
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Cisco Clean Access (CCA) is a software solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network.

    CCA includes as part of the architecture an Application Program Interface (API). Lack of authentication while invoking API methods can allow an attacker to bypass security posture checking, change the assigned role for a user, disconnect users and can also lead to information disclosure on configured users.

    Vulnerable Products

    CCA releases 3.3.0 to 3.3.9
    CCA releases 3.4.0 to 3.4.5
    CCA releases 3.5.0 to 3.5.3


    http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml

    Regards

    eddie
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    CiscoWorks Management Center for IDS Sensors (IDSMC) is a network security software agent that provides configuration and signature management for Cisco Intrusion Detection and Intrusion Prevention systems.

    A separate but closely related product, Monitoring Center for Security (Security Monitor or Secmon), provides event collection, viewing, and reporting capability for network devices.

    A malicious attacker may be able to spoof a Cisco Intrusion Detection Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a vulnerability in the SSL certificate checking functionality in IDSMC and Secmon.



    Vulnerable Products
    IDSMC version 2.0 and version 2.1.

    CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) version 1.1 through version 2.0 and version 2.1.



    http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml

    Regards

    eddie
     
Short URL to this thread: https://techguy.org/323898
