Cisco Security Advisories http://www.cisco.com/en/US/products/products_security_advisories_listing.html Cisco Security Advisories (the 40 most recent advisories) en-us © 1992-2013 Cisco Systems, Inc. All rights reserved. news-at-cisco-rss@cisco.com news-at-cisco-rss@cisco.com Wed, 12 Jun 2013 06:40:03 PST Wed, 26 Oct 2011 09:00:00 PST Security Advisories News@Cisco RSS Script http://www.cisco.com/en/US/products/products_security_advisories_listing.html 60 News@Cisco http://newsroom.cisco.com/images/mobile_newsAtCisco.png http://www.cisco.com/en/US/products/products_security_advisories_listing.html 107 70 Search Cisco searchPhrase http://www.cisco.com/pcgi-bin/search/search.pl Attention: New Cisco Security Advisory RSS Feed Locations http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml Effective October 18, 2011, Cisco has replaced the existing RSS feeds for Cisco Security Advisories. The new RSS feeds for Cisco Security Advisories are available at http://tools.cisco.com/security/center/psirtrss10/CiscoSecurityAdvisory.xml and http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml. The existing RSS feeds will continue to function until November 19, 2011. They will not receive updates after this date.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Attention:+New+Cisco+Security+Advisory+RSS+Feed+Locations" border="0" height="0" width="0" /> Cisco Security Advisory http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml Wed, 26 Oct 2011 09:00:00 PST Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Denial+of+Service+Vulnerability+in+Cisco+Video+Surveillance+IP+Cameras" border="0" height="0" width="0" /> Cisco Security Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera Wed, 26 Oct 2011 08:00:00 PST Cisco Unified Contact Center Express Directory Traversal Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Unified+Contact+Center+Express+Directory+Traversal+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx Wed, 26 Oct 2011 08:00:00 PST Cisco Unified Communications Manager Directory Traversal Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Unified+Communications+Manager+Directory+Traversal+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm Wed, 26 Oct 2011 08:00:00 PST Buffer Overflow Vulnerabilities in the Cisco WebEx Player http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Buffer+Overflow+Vulnerabilities+in+the+Cisco+WebEx+Player" border="0" height="0" width="0" /> Cisco Security Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex Wed, 26 Oct 2011 08:00:00 PST Cisco Security Agent Remote Code Execution Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In) and are documented in CERT-CC Vulnerability Note VU#520721 at http://www.kb.cert.org/vuls/id/520721<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Security+Agent+Remote+Code+Execution+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa Wed, 26 Oct 2011 08:00:00 PST Cisco Show and Share Security Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Show+and+Share+Security+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns Wed, 19 Oct 2011 08:00:00 PST CiscoWorks Common Services Arbitrary Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=CiscoWorks+Common+Services+Arbitrary+Command+Execution+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs Wed, 19 Oct 2011 08:00:00 PST Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability http://www.cisco.com/en/US/products/products_security_response09186a0080b98d0b.html A vulnerability exists in Cisco TelePresence Video Communication Server (VCS) due to improper validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the HTTP User-Agent header is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote attacker could exploit this vulnerability to perform reflected cross-site scripting attacks.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+TelePresence+Video+Communication+Server+Cross-Site+Scripting+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_response09186a0080b98d0b.html Wed, 12 Oct 2011 10:30:00 PST Cisco IOS Software Smart Install Remote Code Execution Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4f.shtml A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+IOS+Software+Smart+Install+Remote+Code+Execution+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4f.shtml Tue, 11 Oct 2011 11:15:00 PST Cisco IOS Software IP Service Level Agreement Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4c.shtml The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+IOS+Software+IP+Service+Level+Agreement+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4c.shtml Mon, 10 Oct 2011 12:20:00 PST Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97900.shtml Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Multiple+Vulnerabilities+in+Cisco+ASA+5500+Series+Adaptive+Security+Appliances+and+Cisco+Catalyst+6500+Series+ASA+Services+Module" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97900.shtml Wed, 05 Oct 2011 13:45:00 PST Multiple Vulnerabilities in Cisco Firewall Services Module http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97904.shtml The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Multiple+Vulnerabilities+in+Cisco+Firewall+Services+Module" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97904.shtml Wed, 05 Oct 2011 08:00:00 PST Directory Traversal Vulnerability in Cisco Network Admission Control Manager http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97901.shtml Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Directory+Traversal+Vulnerability+in+Cisco+Network+Admission+Control+Manager" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b97901.shtml Wed, 05 Oct 2011 08:00:00 PST Cisco Identity Services Engine Database Default Credentials Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Identity+Services+Engine+Database+Default+Credentials+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml Mon, 03 Oct 2011 08:45:00 PST Cisco 10000 Series Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d50.shtml The Cisco 10000 Series Router is affected by a denial of service (DoS) vulnerability that can allow an attacker to cause a device reload by sending a series of ICMP packets.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+10000+Series+Denial+of+Service+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d50.shtml Fri, 30 Sep 2011 15:30:00 PST Cisco IOS Software IPv6 over MPLS Vulnerabilities http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d52.shtml Cisco IOS Software is affected by two vulnerabilities that cause a Cisco IOS device to reload when processing IP version 6 (IPv6) packets over a Multiprotocol Label Switching (MPLS) domain.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+IOS+Software+IPv6+over+MPLS+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d52.shtml Fri, 30 Sep 2011 15:30:00 PST Cisco IOS Software IPv6 Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d59.shtml Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+IOS+Software+IPv6+Denial+of+Service+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d59.shtml Fri, 30 Sep 2011 15:30:00 PST Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+IOS+Software+Session+Initiation+Protocol+Denial+of+Service+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml Fri, 30 Sep 2011 15:00:00 PST Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d57.shtml Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+IOS+Software+IPS+and+Zone-Based+Firewall+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d57.shtml Fri, 30 Sep 2011 15:00:00 PST Cisco IOS Software Data-Link Switching Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4e.shtml Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+IOS+Software+Data-Link+Switching+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4e.shtml Fri, 30 Sep 2011 15:00:00 PST Cisco IOS Software Network Address Translation Vulnerabilities http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: NetMeeting Directory (Lightweight Directory Access Protocol, LDAP); Session Initiation Protocol (Multiple vulnerabilities); H.323 protocol<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+IOS+Software+Network+Address+Translation+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4d.shtml Fri, 30 Sep 2011 10:30:00 PST Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Unified+Communications+Manager+Session+Initiation+Protocol+Memory+Leak+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml Wed, 28 Sep 2011 08:00:00 PST Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Jabber+Extensible+Communications+Platform+and+Cisco+Unified+Presence+XML+Denial+of+Service+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml Wed, 28 Sep 2011 08:00:00 PST CiscoWorks LAN Management Solution Remote Code Execution Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml Two vulnerabilities exist in CiscoWorks LAN Management Solution software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=CiscoWorks+LAN+Management+Solution+Remote+Code+Execution+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml Wed, 14 Sep 2011 08:00:00 PST Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml Two vulnerabilities exist in Cisco Unified Service Monitor and Cisco Unified Operations Manager software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Unified+Service+Monitor+and+Cisco+Unified+Operations+Manager+Remote+Code+Execution+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml Wed, 14 Sep 2011 08:00:00 PST Apache HTTPd Range Header Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Apache+HTTPd+Range+Header+Denial+of+Service+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml Thu, 08 Sep 2011 08:00:00 PST Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9250c.shtml A vulnerability exists in Cisco Nexus 5000 and 3000 Series Switches that may allow traffic to bypass deny statements in access control lists (ACLs) that are configured on the device. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Nexus+5000+and+3000+Series+Switches+Access+Control+List+Bypass+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9250c.shtml Wed, 07 Sep 2011 07:30:00 PST Denial of Service Vulnerability in Cisco TelePresence Codecs http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs that are running software versions prior to TC4.0.0 or F9.1 contain a vulnerability that could allow an attacker to cause a denial of service.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Denial+of+Service+Vulnerability+in+Cisco+TelePresence+Codecs" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml Thu, 01 Sep 2011 13:00:00 PST Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Open+Query+Interface+in+Cisco+Unified+Communications+Manager+and+Cisco+Unified+Presence+Server" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml Fri, 26 Aug 2011 14:00:00 PST Cisco Unified Communications Manager Denial of Service Vulnerabilities http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml Cisco Unified Communications Manager contains five (5) denial of service (DoS) vulnerabilities.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Unified+Communications+Manager+Denial+of+Service+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml Wed, 24 Aug 2011 07:00:00 PST Denial of Service Vulnerabilities in Cisco Intercompany Media Engine http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml Two denial of service (DoS) vulnerabilities exist in the Cisco Intercompany Media Engine. An unauthenticated attacker could exploit these vulnerabilities by sending crafted Service Advertisement Framework (SAF) packets to an affected device, which may cause the device to reload.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Denial+of+Service+Vulnerabilities+in+Cisco+Intercompany+Media+Engine" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml Wed, 24 Aug 2011 07:00:00 PST Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml Cisco TelePresence Recording Server Software Release 1.7.2.0 includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings. <img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+TelePresence+Recording+Server+Default+Credentials+for+Root+Account+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8ad3f.shtml Fri, 29 Jul 2011 06:30:00 PST Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml Cisco SA 500 Series Security Appliances are affected by two vulnerabilities on their web-based management interface. An attacker must have valid credentials for an affected device to exploit one vulnerability; exploitation of the other does not require authentication. Both vulnerabilities can be exploited over the network. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+SA+500+Series+Security+Appliances+Web+Management+Interface+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml Wed, 20 Jul 2011 08:00:00 PST Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b89155.shtml Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IP version 4 (IPv4) packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload. Cisco has released a free software maintenance upgrade (SMU) to address this vulnerability. There are no workarounds for this vulnerability.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+ASR+9000+Series+Routers+Line+Card+IP+Version+4+Denial+of+Service+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b89155.shtml Wed, 20 Jul 2011 08:00:00 PST Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by multiple vulnerabilities. Arbitrary Program Execution Vulnerability Local Privilege Escalation Vulnerability Cisco has released free software updates that address these vulnerabilities. There are no workarounds for the vulnerabilities described in this advisory.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Multiple+Vulnerabilities+in+Cisco+AnyConnect+Secure+Mobility+Client" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml Mon, 11 Jul 2011 07:00:00 PST Cisco Content Services Gateway Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b86503.shtml A denial of service (DoS) vulnerability exists in the Cisco Content Services Gateway - Second Generation, that runs on the Cisco Service and Application Module for IP (SAMI). An unauthenticated, remote attacker could exploit this vulnerability by sending a series of crafted ICMP packets to an affected device. Exploitation could cause the device to reload. There are no workarounds available to mitigate exploitation of this vulnerability other than blocking ICMP traffic destined to the affected device.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+Content+Services+Gateway+Denial+of+Service+Vulnerability" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b86503.shtml Wed, 06 Jul 2011 08:00:00 PST Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N Wireless-N Gigabit Security Routers have several web interface vulnerabilities that can be exploited by a remote, unauthenticated user.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Cisco+RVS4000+and+WRVS4400N+Web+Management+Interface+Vulnerabilities" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml Fri, 17 Jun 2011 07:30:00 PST Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Multiple+Vulnerabilities+in+Cisco+Unified+IP+Phones+7900+Series" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml Wed, 01 Jun 2011 08:00:00 PST Default Credentials Vulnerability in Cisco Network Registrar http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80121.shtml Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.<img src="http://www.cisco.com/swa/j/zag2_vs_log1.asc?Log=1&vs_f=Cisco+Security+Advisories&vs_p=Default+Credentials+Vulnerability+in+Cisco+Network+Registrar" border="0" height="0" width="0" /> Cisco Security Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80121.shtml Wed, 01 Jun 2011 08:00:00 PST