Cisco Security Advisories


Cisco Security Advisories (the 40 most recent advisories)
Updated: 17 weeks 9 hours ago

Attention: New Cisco Security Advisory RSS Feed Locations

Thu, 10/27/2011 - 03:00

Effective October 18, 2011, Cisco has replaced the existing RSS feeds for Cisco Security Advisories. The new RSS feeds for Cisco Security Advisories are available at http://tools.cisco.com/security/center/psirtrss10/CiscoSecurityAdvisory.xml and http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml. The existing RSS feeds will continue to function until November 19, 2011. They will not receive updates after this date.

Categories: Spam and Incident Response Blogs

Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras

Thu, 10/27/2011 - 02:00

A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.

Cisco Unified Contact Center Express Directory Traversal Vulnerability

Thu, 10/27/2011 - 02:00

Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.

Cisco Unified Communications Manager Directory Traversal Vulnerability

Thu, 10/27/2011 - 02:00

Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem.

Buffer Overflow Vulnerabilities in the Cisco WebEx Player

Thu, 10/27/2011 - 02:00

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.

Cisco Security Agent Remote Code Execution Vulnerabilities

Thu, 10/27/2011 - 02:00

Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In) and are documented in CERT-CC Vulnerability Note VU#520721 at http://www.kb.cert.org/vuls/id/520721

Cisco Show and Share Security Vulnerabilities

Thu, 10/20/2011 - 02:00

The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities.

CiscoWorks Common Services Arbitrary Command Execution Vulnerability

Thu, 10/20/2011 - 02:00

CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability

Thu, 10/13/2011 - 04:30

A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the HTTP User-Agent header is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote attacker could exploit this vulnerability to perform reflected cross-site scripting attacks.

Cisco IOS Software Smart Install Remote Code Execution Vulnerability

Wed, 10/12/2011 - 05:15

A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device.

Cisco IOS Software IP Service Level Agreement Vulnerability

Tue, 10/11/2011 - 06:20

The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports.

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

Thu, 10/06/2011 - 07:45

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:

Multiple Vulnerabilities in Cisco Firewall Services Module

Thu, 10/06/2011 - 02:00

The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:

Directory Traversal Vulnerability in Cisco Network Admission Control Manager

Thu, 10/06/2011 - 02:00

Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.

Cisco Identity Services Engine Database Default Credentials Vulnerability

Tue, 10/04/2011 - 02:45

Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device.

Cisco 10000 Series Denial of Service Vulnerability

Sat, 10/01/2011 - 09:30

The Cisco 10000 Series Router is affected by a denial of service (DoS) vulnerability that can allow an attacker to cause a device reload by sending a series of ICMP packets.

Cisco IOS Software IPv6 Denial of Service Vulnerability

Sat, 10/01/2011 - 09:30

Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.

Cisco IOS Software IPv6 over MPLS Vulnerabilities

Sat, 10/01/2011 - 09:30

Cisco IOS Software is affected by two vulnerabilities that cause a Cisco IOS device to reload when processing IP version 6 (IPv6) packets over a Multiprotocol Label Switching (MPLS) domain.

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Sat, 10/01/2011 - 09:00

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.

Cisco IOS Software Data-Link Switching Vulnerability

Sat, 10/01/2011 - 09:00

Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets.
