Cisco Vulnerabilities

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

eddie5659

Thread Starter
Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,259
Hiya

I'm going to be updating this one, as I have a few vulnerabilities from Bugtraq, but still at work :(

Multiple Crafted IPv6 Packets Cause Reload

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial
of Service (DoS) attack from crafted IPv6 packets when the device has been
configured to process IPv6 traffic. This vulnerability requires multiple
crafted packets to be sent to the device which may result in a reload upon
successful exploitation.

Affected Products
=================

Vulnerable Products

Only the Cisco devices running IOS and configured for IPv6 are affected. A
router will display all IPv6 enabled interfaces with the show ipv6 interface
command.

An empty output or an error message will be displayed if IPv6 is disabled or
unsupported on the system. In this case the system is not vulnerable.

Sample output of show ipv6 interface command is shown below for a system
configured for IPv6.

Router#show ipv6 interface
Serial1/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00: D200
Global unicast address(es):
2001:1:33::3, subnet is 2001:1:33::/64 [TENTATIVE]
Joined group address(es):
FF02::1
FF02::1:FF00:3
FF02::1:FF00: D200
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Router#


A router that has IPv6 enabled on a physical or logical interface is vulnerable
to this issue even if ipv6 unicast-routing is globally disabled. The show ipv6
interface command can be used to determine whether IPv6 is enabled on any
interface.


Please note that the D200 parts in the above have been given a space, otherwise a smiley face would be there :D

http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml

Regards

eddie
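
The check described in the post above, as an added example (not code from the Cisco advisory or from the poster): it reads captured `show ipv6 interface` output and lists the interfaces reporting IPv6 as enabled. The function names and sample text are assumptions, and the sample reproduces the space this forum inserted before D200.

```python
import re

# "<interface> is <state>, line protocol is <state>" opens each interface block.
HEADER = re.compile(r"^(\S+) is ([\w ]+?), line protocol is (\w+)")
ENABLED = re.compile(r"^\s*IPv6 is enabled, link-local address is (.+)$")

# Constructed sample in the layout quoted in the post (not a live capture).
SAMPLE = """Router#show ipv6 interface
Serial1/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00: D200
Global unicast address(es):
2001:1:33::3, subnet is 2001:1:33::/64 [TENTATIVE]
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
Router#
"""

def ipv6_interfaces(output):
    """Return one dict per interface that reports 'IPv6 is enabled'."""
    found, current = [], None
    for line in output.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"name": m.group(1), "state": m.group(2),
                       "protocol": m.group(3)}
            continue
        m = ENABLED.match(line)
        if m and current is not None:
            # Drop a trailing [TENTATIVE]-style flag and any space that
            # forum formatting inserted into the address.
            addr = re.sub(r"\s+", "", m.group(1).split("[")[0])
            found.append(dict(current, link_local=addr))
            current = None
    return found

def in_scope(output):
    """Empty output or an error message means IPv6 is off or unsupported."""
    return bool(ipv6_interfaces(output))

if __name__ == "__main__":
    for itf in ipv6_interfaces(SAMPLE):
        print(itf["name"], itf["state"], itf["link_local"])
```
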
 

eddie5659

A Cisco device running IOS® and enabled for the Border Gateway Protocol
(BGP) is vulnerable to a Denial of Service (DoS) attack from a
malformed BGP packet. Only devices with the command bgp
log-neighbor-changes configured are vulnerable. The BGP protocol is not
enabled by default, and must be configured in order to accept traffic
from an explicitly defined peer. Unless the malicious traffic appears
to be sourced from a configured, trusted peer, it would be difficult to
inject a malformed packet.


Affected Products
=================


This vulnerability is present in any unfixed version of Cisco IOS, from
the beginning of support for the BGP protocol, including versions 9.x,
10.x, 11.x and 12.x. This issue affects all Cisco devices configured
for BGP routing and running the bgp log-neighbor-changes command, which
is on by default starting with releases 12.0(22)S, 12.0(11)ST, 12.1(10)
E, 12.1(10) and later software.


http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml

eddie
 

eddie5659

Cisco Routers running Internetwork Operating System (IOS) that supports Multi
Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS)
attack on MPLS disabled interfaces. A system that supports MPLS is vulnerable
even if that system is not configured for MPLS.

Affected Products
=================

Vulnerable Products

Only the following products running a vulnerable version of IOS that support
MPLS are affected.

* 2600 and 2800 series routers
* 3600, 3700 and 3800 series routers
* 4500 and 4700 series routers
* 5300, 5350 and 5400 series Access Servers


http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml

eddie
 

eddie5659

Cisco IP/VC is an IP-based network videoconferencing device. Cisco IP/VC models 3510, 3520, 3525, and 3530 have a default Simple Network Management Protocol (SNMP) community string. A remote attacker, with knowledge of the community string, could gain unauthorized access to the videoconferencing device.


Platforms Affected:

Cisco Systems, Inc.: Cisco IP/VC 3510-MCU
Cisco Systems, Inc.: Cisco IP/VC 3520-GW-2B
Cisco Systems, Inc.: Cisco IP/VC 3520-GW-2B2V
Cisco Systems, Inc.: Cisco IP/VC 3520-GW-2V
Cisco Systems, Inc.: Cisco IP/VC 3520-GW-4B
Cisco Systems, Inc.: Cisco IP/VC 3520-GW-4V
Cisco Systems, Inc.: Cisco IP/VC 3525-GW-1P
Cisco Systems, Inc.: Cisco IP/VC 3530-VTA


http://xforce.iss.net/xforce/xfdb/19196

Regards

eddie
 

eddie5659

The Cisco VPN 3000 series concentrators are a family of purpose-built, remote access Virtual Private Network (VPN) platforms for data encryption and authentication.
A malicious user may be able to send a crafted attack via SSL (Secure Sockets Layer) to the concentrators which may cause the device to reload, and/or drop user connections.
Repeated exploitation will create a sustained DoS (denial of service).
Workarounds are available to mitigate this vulnerability.
Cisco has made free software available to address this vulnerability for all affected customers.

Vulnerable Products
Cisco VPN 3000 series concentrators running software 4.1.7.A and earlier are affected by this vulnerability.

This series includes models 3005, 3015, 3020, 3030, 3060, 3080 and the Cisco VPN 3002 Hardware Client.



http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml

eddie
 

eddie5659

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key
Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized
user to complete authentication and potentially access network resources.

http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

Regards

eddie
 

eddie5659

Certain release trains of Cisco Internetwork Operating System (IOS),
when configured to use the IOS Secure Shell (SSH) server in combination
with Terminal Access Controller Access Control System Plus (TACACS+) as
a means to perform remote management tasks on IOS devices, may contain
two vulnerabilities that can potentially cause IOS devices to exhaust
resources and reload. Repeated exploitation of these vulnerabilities
can result in a Denial of Service (DoS) condition. Use of SSH with
Remote Authentication Dial In User Service (RADIUS) is not affected by
these vulnerabilities.


Vulnerable Products
+------------------

These issues affect any Cisco device running an unfixed version of
Cisco IOS that supports, and is configured to use, the SSH server
functionality.


http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml

Regards

eddie
 

eddie5659

Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed.


Vulnerable Products

Cisco CallManager 3.2 and earlier
Cisco CallManager 3.3, versions earlier than 3.3(5)
Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2b
Cisco CallManager 4.1, versions earlier than 4.1(3)SR1


http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml

Regards

eddie
 

eddie5659

The Cisco ONS 15216 OADM (Optical Add/Drop Multiplexer) contains a vulnerability in the handling of telnet sessions that can cause a denial-of-service condition in the management plane. Traffic going through the Cisco ONS 15216 OADM (i.e. transit traffic), is not affected when the management plane is under a denial-of-service condition. However, clearing the denial-of-service condition on the management plane requires resetting the device, which impacts transit traffic.


Vulnerable Products

Only the Cisco ONS 15216 OADM running software release 2.2.2 and earlier is affected by the vulnerability described in this advisory.



http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml

Regards

eddie
 

eddie5659

Cisco Internetwork Operating System (IOS®) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.


Vulnerable Products

This issue affects all Cisco devices running any unfixed version of Cisco IOS
code that supports, and is configured for, IPv6. A device which supports IPv6
must have the interfaces specifically disabled to not be affected. IPv6 must be
completely disabled using both the command no ipv6 address and no ipv6 enable
on each interface.


http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml

Regards

eddie
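
An added example for the post above (not code from the Cisco advisory or from the poster): it audits a saved running-config for interfaces that still carry `ipv6 address` or `ipv6 enable`, and lists the two `no` commands the advisory names for each one. The function names are hypothetical, the config fragment is constructed, and the usual IOS layout of indented sub-commands under each `interface` line is assumed.

```python
import re

# Interface sub-commands that leave IPv6 processing active on that interface.
IPV6_CMD = re.compile(r"^\s+ipv6 (address\b.*|enable)\s*$")

# Constructed running-config fragment (documentation addresses, no real device).
# There is no global "ipv6 unicast-routing" line; per-interface IPv6 still counts.
CONFIG = """hostname Router
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ipv6 address 2001:DB8:1::1/64
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ipv6 enable
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
!
"""

def ipv6_by_interface(config):
    """Map interface name -> IPv6 commands found in its stanza."""
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None              # unindented line closes the stanza
        elif current and IPV6_CMD.match(line):
            result.setdefault(current, []).append(line.strip())
    return result

def disable_commands(config):
    """Config lines applying both 'no' commands to every flagged interface."""
    lines = []
    for name in ipv6_by_interface(config):
        lines += [f"interface {name}", " no ipv6 address", " no ipv6 enable"]
    return lines

if __name__ == "__main__":
    print("\n".join(disable_commands(CONFIG)))
```
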
 

eddie5659

Cisco Clean Access (CCA) is a software solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network.

CCA includes as part of the architecture an Application Program Interface (API). Lack of authentication while invoking API methods can allow an attacker to bypass security posture checking, change the assigned role for a user, disconnect users and can also lead to information disclosure on configured users.

Vulnerable Products

CCA releases 3.3.0 to 3.3.9
CCA releases 3.4.0 to 3.4.5
CCA releases 3.5.0 to 3.5.3


http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml

Regards

eddie
 

eddie5659

CiscoWorks Management Center for IDS Sensors (IDSMC) is a network security software agent that provides configuration and signature management for Cisco Intrusion Detection and Intrusion Prevention systems.

A separate but closely related product, Monitoring Center for Security (Security Monitor or Secmon), provides event collection, viewing, and reporting capability for network devices.

A malicious attacker may be able to spoof a Cisco Intrusion Detection Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a vulnerability in the SSL certificate checking functionality in IDSMC and Secmon.



Vulnerable Products
IDSMC version 2.0 and version 2.1.

CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) version 1.1 through version 2.0 and version 2.1.



http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml

Regards

eddie
 