|
Cisco Security Advisories
|
Cisco Security Advisories (the 40 most recent advisories)
|
|
-
Attention: New Cisco Security Advisory RSS Feed Locations
Effective October 18, 2011, Cisco has replaced the existing RSS feeds for Cisco Security Advisories. The new RSS feeds for Cisco Security Advisories are available at http://tools.cisco.com/security/center/psirtrss10/CiscoSecurityAdvisory.xml and http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml. The existing RSS feeds will continue to function until November 19, 2011. They will not receive updates after this date.
-
Cisco Security Agent Remote Code Execution Vulnerabilities
Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In) and are documented in CERT-CC Vulnerability Note VU#520721 at http://www.kb.cert.org/vuls/id/520721
-
Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.
-
Cisco Unified Communications Manager Directory Traversal Vulnerability
Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem. 
-
Cisco Unified Contact Center Express Directory Traversal Vulnerability
Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem. 
-
Buffer Overflow Vulnerabilities in the Cisco WebEx Player
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
-
Cisco Show and Share Security Vulnerabilities
The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities. 
-
CiscoWorks Common Services Arbitrary Command Execution Vulnerability
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.
-
Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability
A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the HTTP User-Agent header is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote attacker could exploit this vulnerability to perform reflected cross-site scripting attacks.
-
Cisco IOS Software Smart Install Remote Code Execution Vulnerability
A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. 
-
Cisco IOS Software IP Service Level Agreement Vulnerability
The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports.
-
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:
-
Multiple Vulnerabilities in Cisco Firewall Services Module
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:
-
Directory Traversal Vulnerability in Cisco Network Admission Control Manager
Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.
-
Cisco Identity Services Engine Database Default Credentials Vulnerability
Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device. 
|
