June 17, 2021

Cisco Issues Multiple Security Advisories

(LiveHacking.Com) – Cisco has published three different security advisories detailing vulnerabilities in the Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module, Cisco Firewall Services Module, and Cisco Network Admission Control Manager.

If exploited, these vulnerabilities would allow an attacker to cause a denial-of-service condition, bypass authentication mechanisms, or obtain sensitive information.

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:

  • MSN Instant Messenger (IM) Inspection Denial of Service vulnerability
  • TACACS+ Authentication Bypass vulnerability
  • Four SunRPC Inspection Denial of Service vulnerabilities
  • Internet Locator Service (ILS) Inspection Denial of Service vulnerability

The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:

  • Syslog Message Memory Corruption Denial of Service Vulnerability
  • Authentication Proxy Denial of Service Vulnerability
  • TACACS+ Authentication Bypass Vulnerability
  • Sun Remote Procedure Call (SunRPC) Inspection Denial of Service Vulnerabilities
  • Internet Locator Server (ILS) Inspection Denial of Service Vulnerability

The Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.

Network administrators should review the security advisories cisco-sa-20111005-asacisco-sa-20111005-fwsm, and cisco-sa-20111005-nac and apply any necessary updates.