Information Security all in one place!

Posts tagged “Cisco Systems”

Cisco Security Advisory: Cisco WebEx Player – Buffer Overflow Vulnerabilities


The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from www.webex.com.

If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com.

Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex

 

 


Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability


 

 

Cisco IOS Software contains a vulnerability in the Smart Install feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if the Smart Install feature is enabled. The vulnerability is triggered when an affected device processes a malformed Smart Install message on TCP port 4786.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-smartinstall

 

 


Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability


Cisco IOS Software and Cisco IOS XE Software contain a vulnerability in the RSVP feature when used on a device configured with VPN routing and forwarding (VRF) instances. This vulnerability could allow an unauthenticated, remote attacker to cause an interface wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. This vulnerability could be exploited repeatedly to cause an extended DoS condition.

A workaround is available to mitigate this vulnerability.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-rsvp


Cisco: Multiple Vulnerabilities; ASA 5500, Catalyst 6500


Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities:

  • Cisco ASA UDP Inspection Engine Denial of Service Vulnerability
  • Cisco ASA Threat Detection Denial of Service Vulnerability
  • Cisco ASA Syslog Message 305006 Denial of Service Vulnerability
  • Protocol Independent Multicast Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa

Note: The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) may be affected by some of the vulnerabilities above.
A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco FWSM. This advisory is available at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-fwsm


Polycom: Web Management Interface; Multiple Vulnerabilities


Path Traversal on Polycom Web Management Interface:

System affected: Polycom Web Management Interface
Model: G3/HDX 8000 HD, among others
Software Version: Durango 2.6.0 Release – build #4740

Embedded Linux: Polycom Linux Development Platform v2.14.g3

Other versions or models may also be affected.

Successful exploitation of this vulnerability may allow an attacker to view the content of any arbitrary file on the Polycom operating system.

Detailed description:

The web management interface on the Polycom device allows users to download two log files (“system log” and “error log”). This feature is available through the following menus:

 Diagnostics –> System Log –> Download Logs

Access to these log files is provided by the script “a_getlog.cgi”, which receives the name of the log file (“messages” or “error”) to be downloaded through the URL parameter “name”, as shown in the following URL:

http://<affected_device>/a_getlog.cgi?name=messages

The Path Traversal vulnerability occurs due to lack of proper input validation on user supplied data.

This vulnerability allows the attacker to navigate in the directory structure, thus enabling access to arbitrary files in Polycom’s operating system.

As a proof-of-concept, it’s possible to download the “/etc/passwd” file by accessing the following URL:

http://<affected_device>/a_getlog.cgi?name=../../../etc/passwd

To fix this vulnerability, Polycom Web Management Interface should perform proper input validation, sanitizing all user supplied data before it’s used elsewhere on the web application or in the underlying operating system.

Also, Polycom Web Management Interface should not allow itself to be accessed without proper configuration of a strong administrative password.
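One way to implement the input validation recommended above, as an added example that is not Polycom's code or part of the original advisory. It shows an allowlist for the two documented values of “name” and, going beyond the page's case, a general containment check for handlers that must accept arbitrary file names; the log directory and file names are assumptions.

```python
import os

# Hypothetical log directory and file names: the advisory only gives the
# parameter values "messages" and "error", not where the files live.
LOG_DIR = "/var/log/polycom"
ALLOWED_LOGS = {"messages": "messages.log", "error": "error.log"}


class RejectedName(ValueError):
    """Raised when the 'name' parameter is not an acceptable log name."""


def resolve_log_allowlist(name: str) -> str:
    """Map 'name' to a fixed path; user input never reaches the filesystem."""
    try:
        return os.path.join(LOG_DIR, ALLOWED_LOGS[name])
    except KeyError:
        raise RejectedName(f"unknown log name: {name!r}") from None


def resolve_log_contained(name: str, base: str = LOG_DIR) -> str:
    """General case: accept a file name only if it resolves inside base."""
    if "\x00" in name:
        raise RejectedName("NUL byte in name")
    base_real = os.path.realpath(base)
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(base_real, name))
    # commonpath compares whole components, so /var/log/polycom-old is not
    # mistaken for a child of /var/log/polycom.
    inside = os.path.commonpath([base_real, candidate]) == base_real
    if not inside or candidate == base_real:
        raise RejectedName(f"path escapes {base}: {name!r}")
    return candidate


def is_rejected(resolver, name: str) -> bool:
    """Helper for callers and tests: True if the resolver refuses the name."""
    try:
        resolver(name)
        return False
    except RejectedName:
        return True
```

The allowlist is the stronger control when the set of downloadable files is fixed, as it is here; the containment check is the fallback when it is not.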

You can read more about this vulnerability here: http://www.tempest.com.br/advisories/tsi-adv-1201/

Customers can download version 3.0 and newer at the link provided below:

http://support.polycom.com/PolycomService/support/us/support/video/hdx_series/

Polycom Web Management Interface O.S. Command Injection

System affected: Polycom Web Management Interface

Model: G3/HDX 8000 HD
Software Version: Durango 2.6.0 Release – build #4740
Embedded Linux: Polycom Linux Development Platform v2.14.g3

Other versions or models may also be affected.

Impact: Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on Polycom operating system.

The web management interface on the Polycom device allows users to execute troubleshooting network tests by sending an ICMP echo request to user supplied hosts. This feature is available through the following menus:

 Diagnostics –> Network –> PING

This feature receives user supplied input and uses it as a parameter to the ‘ping’ command, returning the average round-trip time. For example: if the user inserts the value ‘127.0.0.1’ in the form, the system will execute the command “ping -c 1 127.0.0.1” followed by a stdout redirection to a randomly generated filename in the /tmp directory.

The Command Injection vulnerability occurs due to lack of proper input validation on user supplied data.

UNIX based systems provide the possibility to execute multiple commands by using the semi-colon (;) character (causing the system to run all commands consecutively), thus allowing the attacker to submit a specially crafted parameter to run arbitrary commands on the underlying operating system.

The stdout redirection can be easily bypassed by adding a comment (#) symbol after the trailing command submitted by the attacker, as shown in the following example:

127.0.0.1 ; ps -ef > /tmp/command_injection.txt #

The above parameter will result in the execution of two commands:

 (#1) ping -c 1 127.0.0.1
 (#2) ps -ef > /tmp/command_injection.txt # <…>

Any command inserted by Polycom’s web management interface after user supplied input will be disabled by the comment symbol, thus allowing the attacker to precisely control what she wants to execute and where its output will be stored.

To fix this vulnerability, Polycom Web Management Interface should perform proper input validation, sanitizing all user supplied data before it’s used elsewhere on the web application or in the underlying operating system.

Also, Polycom Web Management Interface should not allow itself to be accessed without proper configuration of a strong administrative password.
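A sketch of the fix for the PING feature, as an added example that is not Polycom's code or part of the original advisory: the host is validated as an IP address or hostname and passed to ping as an argument vector, so no shell parses it and no redirection to /tmp is needed. The function names are hypothetical.

```python
import ipaddress
import re
import subprocess

# RFC 1123 style hostname: labels of letters, digits and inner hyphens.
# A label can never start with "-", which also blocks option injection.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def validate_host(value: str) -> str:
    """Return a normalized IP address or the hostname; raise ValueError otherwise."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    # fullmatch must consume the whole string, so spaces, ';', '#', '>'
    # and trailing newlines all cause a rejection.
    if len(value) <= 253 and _HOSTNAME.fullmatch(value):
        return value
    raise ValueError(f"not a valid host: {value!r}")


def build_ping_argv(host: str) -> list[str]:
    """Build an argument vector; the host is one argv element, never shell text."""
    return ["ping", "-c", "1", validate_host(host)]


def ping_once(host: str, timeout: float = 5.0) -> str:
    """Run ping without a shell and return its stdout directly."""
    result = subprocess.run(build_ping_argv(host), capture_output=True,
                            text=True, timeout=timeout, check=False)
    return result.stdout


def accepts(host: str) -> bool:
    """Helper for callers and tests: True if the host passes validation."""
    try:
        build_ping_argv(host)
        return True
    except ValueError:
        return False
```

Even if validation were bypassed, the argument-vector call would hand the whole string to ping as a single host name, which fails to resolve instead of running a second command.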

Still according to Polycom, customers will be able to download version 3.0.4 by the end of March, 2012, at the link provided below:

– http://support.polycom.com/PolycomService/support/us/support/video/hdx_series/


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers


Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility.

These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP) and the Control and Provisioning of Wireless Access Points (CAPWAP) protocol.

The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities:

* Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability
* Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
* Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability
* Cisco Wireless LAN Controllers Unauthorized Access Vulnerability

Cisco has released free software updates that address these vulnerabilities. Workarounds are available that mitigate some of these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc

Affected Products

The Cisco WLC product family is affected by multiple vulnerabilities. Affected versions of Cisco ASA Software vary depending on the specific vulnerability.

Vulnerable Products

Each of the following products is affected by at least one of the vulnerabilities covered in this Security Advisory:

* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Modules (WiSM)
* Cisco Wireless Services Modules version 2 (WiSM version 2)
* Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controllers

Measures to mitigate these risks can be found here: http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20120229-wlc


Cisco Releases Multiple Security Advisories


Cisco has released six security advisories to address vulnerabilities affecting the following products:

* Cius Wifi devices running Cius Software Version 9.2(1) SR1 and prior

* Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x

* Cisco Business Edition 3000, 5000, and 6000

* Cisco Unity Connection 7.1 and prior

* Cisco 2000, 2100, 2500, 4100, 4400, and 5500 Series Wireless LAN Controllers (WLCs)

* Cisco 500 Series Wireless Express Mobility Controllers

* Cisco Wireless Services Modules (WiSM) and (WiSM version 2)

* Cisco NME-AIR-WLC and NM-AIR-WLC Modules for Integrated Services Routers (ISRs)

* Cisco Catalyst 3750G Integrated WLC

* Cisco Flex 7500 Series Cloud Controllers

* Control, Expressway, and Starter Pack Express variants of Cisco TelePresence Video Communication Server

* Cisco SRP 521W, 526W, and 527W

* Cisco SRP 521W-U, 526W-U, and 527W-U

* Cisco SRP 541W, 546W, and 547W

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges and bypass security restrictions.