Archive for the ‘Cisco’ Category

Cisco Security Advisory for ASA 5500 series

Cisco have released a security advisory which covers multiple vulnerabilities affecting the ASA 5500 series devices. The following is a brief summary of the vulnerabilities highlighted in the advisory:

1. A Cisco ASA set up in transparent mode (software version dependent) and not configured for IPv6 is vulnerable if it receives IPv6 traffic, which could quickly exhaust the available packet buffers. This could cause the device to stop forwarding traffic. Note: IPv6 traffic in transit does not affect the device.

2. ASA devices configured to inspect SCCP traffic could be exploited with a specially crafted SCCP packet, causing the device to reload and disrupting normal operation. Only such traffic in transit can exploit this vulnerability.

3. ASA devices configured with the RIP routing protocol and the Cisco phone proxy feature can be exploited with malformed RIP update packets, causing denial of service.

4. ASA security appliances configured as a local CA are affected by a vulnerability that could allow unauthenticated access to the device’s file system.

For further details on this advisory and details on how to obtain updates please refer to the original post here.

Security Advisory released for CiscoWorks

CiscoWorks, a central LAN management software for Cisco products, has been reported to contain a vulnerability that could allow an attacker to execute arbitrary code remotely. This affects both Windows and Unix platforms, and there are no workarounds available to mitigate it. An update has been released to address this issue. For more information on this, please visit the original post here.

Cisco releases multiple security advisories

a) Cisco Unified Communications Manager:

This product has two reported vulnerabilities in the way SIP messages are processed which could be exploited by remote attackers to launch Denial of Service attacks that could lead to disruption of normal voice services.

b) Cisco IOS SSL VPN feature:

The SSL VPN feature configured with HTTP redirection in Cisco IOS is vulnerable to Denial of Service attacks. Successful exploitation by a remote attacker could cause the device to reload due to memory exhaustion.

c) Cisco IOS NAT features:

Multiple vulnerabilities have been reported in the Network Address Translation handling of SIP, H.323 packets and H.225 signalling that could allow an attacker to launch Denial of Service attacks.

d) Cisco IOS IGMP feature:

A vulnerability in the IOS implementation of the Internet Group Management Protocol, version 3, could allow an unauthenticated attacker to launch Denial of Service attacks.

e) Cisco IOS SIP feature:

Multiple vulnerabilities in Cisco’s implementation of handling SIP in IOS could allow an unauthenticated attacker to launch Denial of Service attacks.

f) Cisco IOS H.323 feature:

Multiple vulnerabilities in Cisco’s implementation of handling H.323 in IOS could allow an unauthenticated attacker to launch Denial of Service attacks.

For further details on these advisories and additional information on how to mitigate them and obtain updates please visit the original post here.

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Cisco has released an advisory detailing multiple vulnerabilities in their Wireless LAN Controllers.

Cisco has released free software updates that address these vulnerabilities.

There are no workarounds to mitigate these vulnerabilities.

The advisory is posted here.

Multiple Vulnerabilities reported in Cisco Security Products

A range of vulnerabilities has been reported affecting the Cisco ASA 5500 and FWSM (Firewall Services Module). A brief description of each follows:

Sun RPC Inspection Denial of Service Vulnerability:

A total of three DoS vulnerabilities exist in the Sun RPC inspection feature of both ASA and FWSM. These could be triggered by specially crafted UDP traffic in transit, causing the device to reload; persistent activity could lead to Denial of Service.

Transport Layer Security Denial of Service Vulnerability:

A total of three security vulnerabilities have been reported in the way the ASA handles TLS, which could allow an unauthenticated user to cause the device to reload using specially crafted TLS packets. This only affects ASA devices configured to accept SSL VPN connections or set up with TLS proxy for Encrypted Voice Inspection.

TCP Denial of Service Vulnerability:

Cisco FWSM devices configured with multiple security contexts and set up to accept Telnet or SSH connections are vulnerable to Denial of Service attacks, which an unauthenticated attacker could trigger with a series of specially crafted TCP packets destined to the device after a successful TCP three-way handshake is established. This does not affect the ASA product.

Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerability:

A vulnerability in the SIP Inspection feature of the ASA could allow an unauthenticated attacker to cause the device to reload using specially crafted SIP packets in transit. A persistent attack could cause Denial of Service. This inspection feature is enabled by default on the ASA device.

Certified Internet Key Exchange (IKE) Message Denial of Service Vulnerability:

A vulnerability in the implementation of IKE (part of the IPSec protocol suite) in the ASA could allow an unauthenticated attacker to cause the device to reload. It affects devices set up for Site-to-Site VPNs or IPSec remote access that are configured to receive such a message. A persistent attack could cause Denial of Service.

For further details on these vulnerabilities, recommended workarounds and how to get security fixes please visit the original posts:

http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml [Advisory for ASA]
http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml [Advisory for FWSM]

Update 1 (13 Aug 2010) – Cisco have released a security advisory confirming a TCP Denial of Service vulnerability affecting the IOS 15.1(2) software train. Only TCP connections initiating or terminating at the router could trigger this vulnerability; it is not triggered by transit traffic. For further information on this release and on recommended workarounds, please visit the original post here.

Cisco releases Security Advisory for multiple products

Cisco have released seven security advisories covering multiple products. A brief description of each follows:

Product Affected: Cisco IOS Software on Cisco 7200 and Cisco 7301 with VPN Acceleration module
Brief Description: A vulnerability in IKE, which is associated with the IPSec security feature, allows a malformed packet to cause the device to reload. The impact can be Denial of Service and disruption of the proper functioning of the network.
Any Public Exploits: None
Workarounds: None

Product Affected: Cisco IOS Software configured for NAT with support for SCCP Fragmentation (Cisco IOS 12.4(6)T onwards). Note: IOS with this feature disabled, and IOS XR and XE software, are not affected.
Brief Description: A vulnerability in the NAT SCCP fragmentation support allows attackers to use a series of specially crafted SCCP packets that may cause the router to reload.
Any Public Exploits: None
Workarounds: As a workaround the administrator can disable SCCP NAT support using

Router(config)# no ip nat service skinny tcp port 2000

Product Affected: Cisco IOS XE with MPLS support and Cisco XR (releases prior to 3.5.2)
Brief Description: A vulnerability exists in the processing of LDP packets in an MPLS network. A remote attacker could exploit this with specially crafted LDP messages. This affects only new connections and is not triggered by transit traffic.
Any Public Exploits: None
Workarounds: If LDP is not required on the device then MPLS forwarding can be disabled globally. Other detailed workarounds can be found in the security advisory.

Product Affected: Cisco IOS Software with H.323 voice services enabled
Brief Description: A vulnerability in the H.323 implementation allows remote attackers to send specially crafted H.323 packets which can reload the router, causing DoS.
Any Public Exploits: None
Workarounds: None

Product Affected: Cisco IOS software using SIP for voice services
Brief Description: A vulnerability in SIP could allow remote attackers to send specially crafted SIP packets, causing the device to reload. This is only triggered after a three-way handshake has occurred and the device processes the malformed packets.
Any Public Exploits: None
Workarounds: None, as SIP cannot be disabled if voice services are enabled

Product Affected: Cisco IOS software with Unified CME and Unified SRST features enabled
Brief Description: A vulnerability in SCCP could allow remote attackers to cause DoS by sending malformed SCCP packets to the router.
Any Public Exploits: None
Workarounds: None

Product Affected: Cisco IOS configured with a specific TCP window size, TCP path MTU discovery or stateful NATs with TCP
Brief Description: A vulnerability in TCP options processing could allow a remote attacker to send malformed TCP segments, causing the router to reload or hang. This can be exploited only at the TCP session establishment phase.
Any Public Exploits: None
Workarounds: There are currently no workarounds but other suggestions can be found in the security advisory.

More information on these security advisories can be found from Cisco here.