Öryggisveikleikar / Security Advisory

SSL- & WebVPN remote exploit/dos:
1. Crafter HTTPS packet will crash a device.
2. SSLVPN sessions cause a memory leak in the device.
(http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml)

Crafter UDP Packet Vulnerability:
[…] a successful attack will result in a blocked input queue in the inbound interface.
(http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90426.shtml)

SIP Vulnerability:
[…] exists in the SIP implementation in Cisco IOS that can cause a reload of a Cisco IOS device.
(http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c0.shtml)

SCP Privilege Excalation Vulnerability:
The server side of the Secure Copy (SCP) implementation in Cisco IOS software
contains a vulnerability that could allow authenticated users with an attached
command-line interface (CLI) view to transfer files to and from a Cisco IOS device
that is configured to be an SCP server, regardless of what users are authorized to
do, per the CLI view configuration.
(http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml)

Leave a Comment