October 20, 2014

Cisco Releases New Security Advisories

(LiveHacking.Com) – Cisco has released three new security advisories to address vulnerabilities in the following products:

  • Cisco ASA 5500 Series Adaptive Security Appliances (ASA)
  • Cisco Catalyst 6500 Series ASA Service Module (ASASM)
  • Cisco Catalyst 6500 Series Firewall Service Module (FWSM)
  • Cisco Adaptive Security Appliance Software 7.1 and 7.2
  • Cisco Adaptive Security Appliance Software 8.0, 8.1, 8.2, 8.3, 8.4, 8.6

The first set of vulnerabilities is found in the Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM). The Cisco ASA UDP inspection engine that is used to inspect UDP-based protocols contains a vulnerability that could allow a remote unauthenticated attacker to trigger a reload of the Cisco ASA. The vulnerability is due to improper flow handling by the inspection engine. An attacker could exploit this vulnerability by sending a specially crafted sequence through the affected system.

Next, it has been revealed that the Cisco Catalyst 6500 Series Firewall Services Module (FWSM) contains a Protocol Independent Multicast (PIM) denial of service vulnerability. A vulnerability exists in the way PIM is implemented that may cause affected devices to reload during the processing of a PIM message when multicast routing is enabled. The vulnerability is due to improper handling of PIM messages. An attacker could exploit this vulnerability by sending a crafted PIM message to the affected system.

Lastly, Cisco is warning that the client-side ActiveX control used with Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser.

Cisco has released free software updates that address these vulnerabilities. More details can be found at cisco-sa-20120314-asa, cisco-sa-20120314-fwsm, and cisco-sa-20120314-asaclient.

Cisco Issues Multiple Security Advisories

(LiveHacking.Com) – Cisco has published three different security advisories detailing vulnerabilities in the Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module, Cisco Firewall Services Module, and Cisco Network Admission Control Manager.

If exploited, these vulnerabilities would allow an attacker to cause a denial-of-service condition, bypass authentication mechanisms, or obtain sensitive information.

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:

  • MSN Instant Messenger (IM) Inspection Denial of Service vulnerability
  • TACACS+ Authentication Bypass vulnerability
  • Four SunRPC Inspection Denial of Service vulnerabilities
  • Internet Locator Service (ILS) Inspection Denial of Service vulnerability

The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:

  • Syslog Message Memory Corruption Denial of Service Vulnerability
  • Authentication Proxy Denial of Service Vulnerability
  • TACACS+ Authentication Bypass Vulnerability
  • Sun Remote Procedure Call (SunRPC) Inspection Denial of Service Vulnerabilities
  • Internet Locator Server (ILS) Inspection Denial of Service Vulnerability

The Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.

Network administrators should review the security advisories cisco-sa-20111005-asa, cisco-sa-20111005-fwsm, and cisco-sa-20111005-nac and apply any necessary updates.