Feed aggregator

Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system.

The vulnerability is due to insufficient client-side validation checks. An attacker could exploit this vulnerability by submitting a malicious POST request to the affected system. An exploit could allow the attacker to implant arbitrary files onto the affected system.

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system.

The vulnerability is due to insufficient client-side validation checks. An attacker could exploit this vulnerability by submitting a malicious POST request to the affected system. An exploit could allow the attacker to implant arbitrary files onto the affected system.

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur
Security Impact Rating: Medium
CVE: CVE-2016-9210
Categories: Security Alerts

Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

The vulnerability is due to improper sanitization or encoding of user-supplied data by the ccmadmin page of an affected version of CUCM. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

The vulnerability is due to improper sanitization or encoding of user-supplied data by the ccmadmin page of an affected version of CUCM. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm
Security Impact Rating: Medium
CVE: CVE-2016-9206
Categories: Security Alerts

Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload.

The vulnerability is due to a specific TCP port listening on the local management port when it should have been internal only. An attacker could exploit this vulnerability by sending a continuous stream of TCP traffic to the targeted device on the specific TCP port. An exploit could allow the attacker to cause the controller card to unexpectedly reset. The user traffic is not impacted; however, the management port traffic could be briefly disrupted.

There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload.

The vulnerability is due to a specific TCP port listening on the local management port when it should have been internal only. An attacker could exploit this vulnerability by sending a continuous stream of TCP traffic to the targeted device on the specific TCP port. An exploit could allow the attacker to cause the controller card to unexpectedly reset. The user traffic is not impacted; however, the management port traffic could be briefly disrupted.

There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons
Security Impact Rating: Medium
CVE: CVE-2016-9211
Categories: Security Alerts

Cisco Emergency Responder Directory Traversal Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device.

The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1 A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device.

The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1
Security Impact Rating: Medium
CVE: CVE-2016-9208
Categories: Security Alerts

Cisco Emergency Responder Cross-Site Request Forgery Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

More information about CSRF is in Understanding Cross-Site Request Forgery Threat Vectors.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

More information about CSRF is in Understanding Cross-Site Request Forgery Threat Vectors.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer
Security Impact Rating: Medium
CVE: CVE-2016-6468
Categories: Security Alerts

Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.

The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework on a targeted system. A successful exploit could allow the attacker to read arbitrary files on the targeted system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.

The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability by submitting specific, crafted input to the affected framework on a targeted system. A successful exploit could allow the attacker to read arbitrary files on the targeted system.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf
Security Impact Rating: Medium
CVE: CVE-2016-9199
Categories: Security Alerts

Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.

The vulnerability is due to a lack of certificate validation during the HTTPS connection toward the repository from which the update manifests are retrieved. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) and impersonating the update server.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.

The vulnerability is due to a lack of certificate validation during the HTTPS connection toward the repository from which the update manifests are retrieved. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) and impersonating the update server.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos
Security Impact Rating: Medium
CVE: CVE-2016-1411
Categories: Security Alerts

Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process.

The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation. An exploit could allow the attacker to cause a crash of the ipsecmgr process, which will restart on its own. Only the connection being negotiated will need to re-establish.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1 A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process.

The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit this vulnerability by sending crafted IKEv2 packets during a negotiation. An exploit could allow the attacker to cause a crash of the ipsecmgr process, which will restart on its own. Only the connection being negotiated will need to re-establish.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1
Security Impact Rating: Medium
CVE: CVE-2016-9203
Categories: Security Alerts

Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2016-12-07 14:00
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process.

The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process.

The vulnerability is due to lack of proper input validation of the IPv6 fragment lengths. An attacker could exploit this vulnerability by sending a crafted IPv6 fragment chain to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition if the NPU process unexpectedly reloads. The DoS condition could temporarily impact user traffic.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr
Security Impact Rating: Medium
CVE: CVE-2016-6467
Categories: Security Alerts

Pages

Subscribe to Willing Minds aggregator