Security Alerts

Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II

Cisco Security Advisories - Mon, 2017-10-16 12:00
On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicant supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.

Multiple Cisco wireless products are affected by these vulnerabilities.

Cisco will release software updates that address these vulnerabilities. There is a workaround that addresses the vulnerability in CVE-2017-13082. There are no workarounds that address the other vulnerabilities described in this advisory.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Security Impact Rating: High
CVE: CVE-2017-13077,CVE-2017-13078,CVE-2017-13079,CVE-2017-13080,CVE-2017-13081,CVE-2017-13082,CVE-2017-13084,CVE-2017-13086,CVE-2017-13087,CVE-2017-13088
Categories: Security Alerts

Cisco Meshed Wireless LAN Controller Impersonation Vulnerability

Cisco Security Advisories - Fri, 2017-10-06 12:32
A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology.

The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system.

Cisco has released software updates that address this vulnerability. Note that additional configuration is needed in addition to upgrading to a fixed release. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh
Security Impact Rating: High
CVE: CVE-2017-3854
Categories: Security Alerts

Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability

Cisco Security Advisories - Fri, 2017-10-06 12:32
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc
Security Impact Rating: High
CVE: CVE-2016-9194
Categories: Security Alerts

Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 17:22
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website.

The vulnerability is due to incomplete input validation of HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to connect to a website that should be blocked.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1
Security Impact Rating: Medium
CVE: CVE-2016-9212
Categories: Security Alerts

Cisco AnyConnect Network Access Manager Dual-Homed Interface Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters.

The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam
Security Impact Rating: Medium
CVE: CVE-2017-12268
Categories: Security Alerts

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms
Security Impact Rating: Medium
CVE: CVE-2017-12257
Categories: Security Alerts

Cisco Wide Area Application Services ICA Accelerator Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition.

The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting.

There are no workarounds that address this vulnerability

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas1
Security Impact Rating: Medium
CVE: CVE-2017-12267
Categories: Security Alerts

Cisco Wide Area Application Services Denial-of-Service Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device.

The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-waas
Security Impact Rating: Medium
CVE: CVE-2017-12256
Categories: Security Alerts

Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack.

The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm
Security Impact Rating: Medium
CVE: CVE-2017-12258
Categories: Security Alerts

Cisco Spark Messaging Stored Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack.

The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-sprk
Security Impact Rating: Medium
CVE: CVE-2017-12269
Categories: Security Alerts

Cisco IOS XR Software Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops.

The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ncs
Security Impact Rating: Medium
CVE: CVE-2017-12270
Categories: Security Alerts

Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device.

The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd


Security Impact Rating: High
CVE: CVE-2017-12245
Categories: Security Alerts

Cisco Firepower Detection Engine IPv6 Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly.

The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort


Security Impact Rating: High
CVE: CVE-2017-12244
Categories: Security Alerts

Cisco Meeting Server Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cms
Security Impact Rating: Medium
CVE: CVE-2017-12264
Categories: Security Alerts

Cisco Meeting App Local Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App.

The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-cma
Security Impact Rating: Medium
CVE: CVE-2017-12266
Categories: Security Alerts

Cisco License Manager Directory Traversal Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application which should be restricted.

The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files which may contain sensitive information.

Cisco has not released and will not release a software update to address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm
Security Impact Rating: High
CVE: CVE-2017-12263
Categories: Security Alerts

Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

Additional information about XSS attacks and potential mitigations can be found at:

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa1
Security Impact Rating: Medium
CVE: CVE-2017-12265
Categories: Security Alerts

Cisco Adaptive Security Appliance Software Direct Authentication Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2017-10-04 14:00
A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems that have the direct authentication feature enabled. This vulnerability can be triggered by IPv4 or IPv6 traffic.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa
Security Impact Rating: High
CVE: CVE-2017-12246
Categories: Security Alerts

Cisco Integrated Management Controller Privilege Escalation Vulnerability

Cisco Security Advisories - Tue, 2017-10-03 18:38
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
Security Impact Rating: High
CVE: CVE-2017-6619
Categories: Security Alerts

Cisco Integrated Management Controller Remote Code Execution Vulnerability

Cisco Security Advisories - Tue, 2017-10-03 18:37
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device.

The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. Successful exploitation could allow an unauthenticated attacker to execute system commands with root-level privileges.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3
Security Impact Rating: Critical
CVE: CVE-2017-6616
Categories: Security Alerts

Pages

Subscribe to Willing Minds aggregator - Security Alerts