Security Alerts

4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0

Microsoft Comprehensive Security Alerts - Wed, 2017-11-08 10:00
Revision Note: V1.0 (November 8, 2017): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information regarding security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are properly secured when processing Dynamic Data Exchange (DDE) fields.
Categories: Security Alerts

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability

Cisco Security Advisories - Fri, 2017-11-03 14:00
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.

The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS.

The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer, or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network.

The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
Security Impact Rating: Medium
CVE: CVE-2017-12319
Categories: Security Alerts

Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1
Security Impact Rating: High
CVE: CVE-2017-12273
Categories: Security Alerts

Cisco Wireless LAN Controller Access Network Query Protocol Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4
Security Impact Rating: Medium
CVE: CVE-2017-12282
Categories: Security Alerts

Cisco Wireless LAN Controller CAPWAP Discovery Request Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3
Security Impact Rating: Medium
CVE: CVE-2017-12280
Categories: Security Alerts

Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
Security Impact Rating: High
CVE: CVE-2017-12275
Categories: Security Alerts

Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition.

The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
Security Impact Rating: High
CVE: CVE-2017-12278
Categories: Security Alerts

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks.

The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Server to the client, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to discover sensitive data about the application.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex2
Security Impact Rating: Medium
CVE: CVE-2017-12295
Categories: Security Alerts

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system.

The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1
Security Impact Rating: Medium
CVE: CVE-2017-12294
Categories: Security Alerts

Cisco Identity Services Engine Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges.

The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise
Security Impact Rating: High
CVE: CVE-2017-12261
Categories: Security Alerts

Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information.

The vulnerability is due to insufficient condition checks that are performed by the affected device when the device adds padding to egress packets. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. A successful exploit could allow the attacker to retrieve content from memory on the affected device, which could lead to the disclosure of confidential information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-iosap
Security Impact Rating: Medium
CVE: CVE-2017-12279
Categories: Security Alerts

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges.

The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-fpwr
Security Impact Rating: High
CVE: CVE-2017-12277
Categories: Security Alerts

Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. The attacker could read or write information from the SQL database.

The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp
Security Impact Rating: High
CVE: CVE-2017-12276
Categories: Security Alerts

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device.

The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce
Security Impact Rating: Medium
CVE: CVE-2017-12243
Categories: Security Alerts

Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device.

The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem
Security Impact Rating: High
CVE: CVE-2017-12262
Categories: Security Alerts

Cisco Aironet 3800 Series Access Points Protected Management Frames User Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device.

The vulnerability exists because the affected device does not properly validate 802.11w PAF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet4
Security Impact Rating: Medium
CVE: CVE-2017-12283
Categories: Security Alerts

Cisco Aironet 1800, 2800, and 3800 Series Access Points MAC Authentication Bypass Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device.

The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3
Security Impact Rating: Medium
CVE: CVE-2017-12281
Categories: Security Alerts

Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-11-01 14:00
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A successful exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. It may be necessary to manually power cycle the device in order for it to recover.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2
Security Impact Rating: High
CVE: CVE-2017-12274
Categories: Security Alerts

Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability

Cisco Security Advisories - Mon, 2017-10-23 19:30
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data.

The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark
Security Impact Rating: Medium
CVE: CVE-2017-12310
Categories: Security Alerts

Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability

Cisco Security Advisories - Mon, 2017-10-23 16:22
A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a TIME_WAIT state. An attacker could exploit this vulnerability by sending a specific TCP packet to an affected device on a TCP session that is already in a TIME_WAIT state. An exploit could allow the attacker to cause a reload of the TCP stack on the affected device, resulting in a DoS condition.

This vulnerability can be exploited using either IPv4 or IPv6 packets. The vulnerability can be triggered by a crafted sequence of TCP packets destined for TCP ports listening on the device. The packets may use the IPv4 or IPv6 unicast address of any interface configured on the device.

This vulnerability can be triggered only by traffic destined to an affected device and cannot be exploited using traffic that transits an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack
Security Impact Rating: High
CVE: CVE-2015-0718
Categories: Security Alerts

Pages

Subscribe to Willing Minds aggregator - Security Alerts