November 23, 2014

Cisco releases security advisories about arbitrary code execution and denial-of-service vulnerabilities

(LiveHacking.Com) – Cisco has released three security advisories detailing vulnerabilities that can allow an attacker to execute arbitrary code or cause denial-of-service conditions in some of its products.

The affected products are:

  • Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA)
  • Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM)
  • Cisco AnyConnect Secure Mobility Client
  • Cisco Application Control Engine (ACE)

According to the first advisory, Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and the Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that can allow an unauthenticated, remote attacker to cause the reload of the affected device. However, this vulnerability can only be triggered by IPv6 transit traffic. Cisco has released free software updates that address the vulnerability.

Also, the Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities that are exploited via the software update mechanisms. Details are as follows:

  • Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability
  • Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability
  • Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability
  • Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader Arbitrary Code Execution Vulnerability

Cisco has released free software updates that address these vulnerabilities.

The third advisory describes how Cisco ACE appliances or modules are vulnerable when running in multicontext mode. According to Cisco, for this vulnerability to be exploited, two or more contexts must be configured with the same management IP address. In addition, the administrator must have valid login credentials for the incorrect context at the time of login.
