
Cisco Secure Access Control Server Role-Based Access Control URL Lack of...

A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portl...

Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle...

Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Cisco has confirmed that Cisco IOS XR Software, Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, Cisco ASA Software, and Cisco StarOS Software are affected by the vulnerability described in this advisory.

Note: Affected devices that are configured with a global IPv6 address on at least one interface and are processing traffic can be exploited by a remote attacker. Affected devices that are configured with only a link-local address on interfaces and are processing IPv6 traffic can be exploited with crafted packets only by a Layer 2 adjacent attacker.

For information about which software releases are affected, see the "Fixed Software" section of this advisory.

Cisco IOS XR Software

The following Cisco products are affected by this vulnerability if they are running an affected release of Cisco IOS XR Software and IPv6 is enabled on one or more interfaces:

- Cisco 12000 Series Routers
- Cisco ASR 9000 Series Aggregation Services Routers
- Cisco Carrier Routing System
- Cisco Network Convergence System 4000 Series
- Cisco Network Convergence System 6000 Series Routers

All types of line cards on those platforms are affected by this vulnerability.

If a device is running an affected release of Cisco IOS XR Software and IPv6 is enabled, administrators can identify interfaces that have assigned IPv6 addresses by using the show ipv6 interface brief command in the command-line interface (CLI).

The following example shows the output of the command on a device that is running Cisco IOS XR Software with IPv6 enabled:

RP/0/RP0/CPU0:router# show ipv6 interface brief
<!output omitted>
GigabitEthernet0/2/0/0 [Up/Up]
  fe80::212:daff:fe62:c150
  202::1

In addition, if IPv6 is enabled, the ipv6 enable interface configuration command is present in the configuration. The following example shows the output of a vulnerable configuration:

RP/0/RP0/CPU0:router(config)# interface GigabitEthernet0/2/0/0
RP/0/RP0/CPU0:router(config-if)# ipv6 enable

If IPv6 is not supported by the Cisco IOS XR Software release that is running on a device, use of the show ipv6 interface brief command produces an error message. If IPv6 is not enabled on the device, use of the show ipv6 interface brief command does not show any interfaces with IPv6 addresses. In either scenario, the device is not affected by this vulnerability.

Cisco IOS Software

Cisco products are affected by this vulnerability if they are running an affected release of Cisco IOS Software and IPv6 is enabled on one or more interfaces. By default, IPv6 is not enabled.

To determine whether IPv6 is enabled on one or more interfaces, administrators can use the show running-config | include ipv6.(enable|address) privileged EXEC command in the CLI. If IPv6 is enabled, ipv6 enable and ipv6 address appear in the output of the command. The following example shows the output of the show running-config | include ipv6.(enable|address) command on a device that is running Cisco IOS XE Software with IPv6 configured:

Router# show running-config | include ipv6.(enable|address)
 ipv6 enable
 ipv6 address dhcp rapid-commit
 ipv6 address autoconfig
 ipv6 address MANAGEMENT ::1FFF:0:0:0:3560/128
 ipv6 address 2001:DB8::1/64

Cisco IOS XE Software

The following Cisco products are affected by this vulnerability if they are running an affected release of Cisco IOS XE Software and IPv6 is enabled on one or more interfaces that process traffic:

- Cisco 4300 Series Integrated Services Routers
- Cisco 4400 Series Integrated Services Routers
- Cisco ASR 900 Series Aggregation Services Routers
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Cloud Services Router 1000V Series
- Switches running Cisco IOS XE Software

By default, IPv6 is not enabled. This vulnerability does not depend on any specific combination of Embedded Services Processor (ESP) and Route Processor (RP) installations on the chassis.

Any combination of ESP and RP chassis installations is affected by this vulnerability.

To determine whether IPv6 is enabled on one or more interfaces, administrators can use the show running-config | include ipv6.(enable|address) privileged EXEC command in the CLI. If IPv6 is enabled, ipv6 enable or ipv6 address appear in the output of the command. The following example shows the output of the show running-config | include ipv6.(enable|address) command on a device that is running Cisco IOS XE Software with IPv6 configured:

Router# show running-config | include ipv6.(enable|address)
 ipv6 enable
 ipv6 address dhcp rapid-commit
 ipv6 address autoconfig
 ipv6 address MANAGEMENT ::1FFF:0:0:0:3560/128
 ipv6 address 2001:DB8::1/64

Cisco NX-OS Software

All Cisco products running Cisco NX-OS Software are affected by this vulnerability if IPv6 is enabled on one or more interfaces that process traffic. By default, IPv6 is not enabled.

To determine whether IPv6 is enabled on one or more interfaces, administrators can use the show running-config | include ipv6.address privileged EXEC command in the CLI. If IPv6 is enabled, ipv6 address appears in the output of the command. The following example shows the output of the show running-config | include ipv6.address command on a device that is running Cisco NX-OS Software with IPv6 enabled:

Router# show running-config | include ipv6.address
 ipv6 address 2001:DB8::1/64

Cisco ASA Software

IPv6 is not enabled by default.

To enable IPv6 on a Cisco ASA or Cisco ASASM, at a minimum a link-local address needs to be configured for IPv6 to operate correctly. If a global address is configured, a link-local address is automatically configured on each interface. To verify that the Cisco ASA or Cisco ASASM has IPv6 enabled, administrators can use the show ipv6 interface command in the CLI and confirm that the command returns output.

The following example shows a Cisco ASA that has two interfaces (inside and outside) configured and IPv6 enabled:

ciscoasa# show ipv6 interface
outside is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::219:2fff:fe83:4f42
  No global unicast address is configured
  Joined group address(es):
    ff02::1
    ff02::1:ff83:4f42
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised retransmit interval is 1000 milliseconds
  Hosts use stateless autoconfig for addresses.
inside is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::219:2fff:fe83:4f43
  No global unicast address is configured
  Joined group address(es):
    ff02::1
    ff02::1:ff83:4f43
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised retransmit interval is 1000 milliseconds
  Hosts use stateless autoconfig for addresses.

Cisco StarOS Software

Cisco ASR 5000 Series devices running Cisco StarOS Software are affected by this vulnerability if IPv6 is enabled on one or more interfaces that process traffic. By default, IPv6 is not enabled.

To determine whether IPv6 is enabled on one or more interfaces, administrators can use the show ipv6 interface summary privileged EXEC command in the CLI. If IPv6 is enabled, an IPv6 address appears in the output of the command. The following example shows the output of the show ipv6 interface summary command on a device that is running Cisco StarOS Software with IPv6 enabled:

[local]router# show ipv6 interface summary
Friday February 21 09:00:07 UTC 2014
Interface Name                 Address/Mask        Port               Status
============================== =================== ================== ======
int1_test_v6                   2001:db8::1/64      20/1 vlan 122      UP
int2_test_v6                   2001:db8::2/64      21/1 vlan 122      UP
int3_test_v6                   2001:db8::3/64      22/1 vlan 122      UP
int4_test_v6                   2001:db8::4/64      23/1 vlan 130      UP

Determining the Cisco IOS XR Software Release

To determine which Cisco IOS XR Software release is running on a device and the name of the device on which it is running, administrators can log in to the device and use the show version command in the CLI.
If the device is running Cisco IOS XR Software, "Cisco IOS XR Software" or similar text appears in the system banner. The location and name of the system image file that is currently running on the device appears next to the "System image file is" text. The name of the hardware product appears on the line after the name of the system image file.

The following example shows the output of the show version command on a device that is running Cisco IOS XR Software Release 4.1.0 with an installed image name of mbihfr-rp.vm:

RP/0/RP0/CPU0:router# show version
Mon May 31 02:14:12.722 DST
Cisco IOS XR Software, Version 4.1.0
Copyright (c) 2010 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 2.100(20100129:213223) [CRS-1 ROMMON],
router uptime is 1 week, 6 days, 4 hours, 22 minutes
System image file is "bootflash:disk0/hfr-os-mbi-4.1.0/mbihfr-rp.vm"
cisco CRS-8/S (7457) processor with 4194304K bytes of memory.
7457 processor at 1197Mhz, Revision 1.2

Determining the Cisco IOS Software Release

To determine which Cisco IOS Software release is running on a Cisco product, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software". The image name appears in parentheses followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 15.5(2)T1 with an installed image name of C2951-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 22-Jun-15 09:32 by prod_rel_team
...

Determining the Cisco IOS XE Software Release

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device and use the show version command in the CLI. If the device is running Cisco IOS XE Software, "Cisco IOS XE Software" or similar text appears in the system banner.

The following example shows the output of the show version command on a device that is running Cisco IOS XE Software Release 3.6.2S, which maps to Cisco IOS Software Release 15.2(2)S2:

Router# show version
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 07-Aug-12 13:40 by mcpre

Determining the Cisco NX-OS Software Release

To determine which Cisco NX-OS Software release is running on a device, administrators can log in to the device and use the show version command in the CLI. If the device is running Cisco NX-OS Software, "Cisco Nexus Operating System (NX-OS) Software" or similar text appears in the system banner.

The following example shows the output of the show version command for a Cisco Nexus 5000 Series Switch running Cisco NX-OS Software Release 7.1(1)N1(1):

# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
  BIOS:      version 3.6.0
  loader:    version N/A
  kickstart: version 7.1(1)N1(1)
  system:    version 7.1(1)N1(1)

Determining the Cisco ASA Software Release

To determine whether a vulnerable version of Cisco ASA Software is running on an appliance, administrators can issue the show version command. The following example shows a device running Cisco ASA Software Release 8.4(1):

ciscoasa# show version | include Version
Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)

Customers who use Cisco ASDM to manage devices can locate the software release in the table that appears in the login window or the upper-left corner of the Cisco ASDM window.

Determining the Cisco StarOS Software Release

To determine which Cisco StarOS Software release is running on a Cisco product, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. Each software image can be identified by its release version and its corresponding build number. The following example identifies a Cisco product that is running Cisco StarOS Software Release 15.0 (49328):

[local]<host_name># show version
Active Software:
  Image Version:         15.0 (49328)
  Image Branch Version:  015.000(001)
  Image Description:     Production_Build
  Image Date:            Tue Apr 23 00:45:12 EDT 2013
  Boot Image:            Unknown
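As an added triage helper (not part of the advisory and not Cisco tooling), the following Python applies the checks described above: it identifies the software family from the show version banner fragments the advisory quotes, and classifies exposure from the output of the IPv6 check commands using the advisory's global versus link-local distinction. The sample output is constructed, and treating any ipv6 address line (including dhcp/autoconfig) as a potential global address is an assumption.

```python
import ipaddress

# Banner fragments from the advisory's "Determining the ... Release" sections.
# Order matters: the IOS XE banner also contains the plain "Cisco IOS Software" text.
BANNERS = [
    ("IOS XR", ("Cisco IOS XR Software",)),
    ("IOS XE", ("IOS-XE Software", "Cisco IOS XE Software")),
    ("NX-OS", ("Cisco Nexus Operating System (NX-OS) Software",)),
    ("ASA", ("Cisco Adaptive Security Appliance Software",)),
    ("StarOS", ("Active Software:", "Image Version:")),
    ("IOS", ("Cisco IOS Software", "Cisco Internetwork Operating System Software")),
]

# Constructed sample modelled on the advisory's IOS XR example (not a real capture).
SAMPLE_XR_CHECK = """RP/0/RP0/CPU0:router# show ipv6 interface brief
GigabitEthernet0/2/0/0 [Up/Up]
   fe80::212:daff:fe62:c150
   202::1
"""

def identify_os(show_version: str) -> str:
    """Map 'show version' output to the software family the advisory distinguishes."""
    for family, fragments in BANNERS:
        if any(f in show_version for f in fragments):
            return family
    return "unknown"

def ipv6_unicast_addresses(cli_output: str) -> list:
    """IPv6 unicast addresses in a check command's output; /prefix stripped, multicast groups dropped."""
    addrs = []
    for token in cli_output.split():
        if token.count(":") < 2:
            continue
        try:
            addr = ipaddress.IPv6Address(token.split("/")[0])
        except ValueError:
            continue  # timestamps such as 09:00:07 and CLI prompts are not addresses
        if not addr.is_multicast:
            addrs.append(addr)
    return addrs

def exposure(check_output: str) -> str:
    """Apply the advisory's note: global address -> remote attacker; link-local only -> Layer 2
    adjacent attacker. Any 'ipv6 address' line (incl. dhcp/autoconfig, which may acquire a
    global address at runtime) is treated as global; that is a conservative assumption."""
    addrs = ipv6_unicast_addresses(check_output)
    lines = [ln.strip() for ln in check_output.splitlines()]
    if any(ln.startswith("ipv6 address") for ln in lines) or any(not a.is_link_local for a in addrs):
        return "global IPv6 address: exploitable by a remote attacker"
    if addrs or any(ln.startswith("ipv6 enable") or "IPv6 is enabled" in ln for ln in lines):
        return "link-local only: exploitable only by a Layer 2 adjacent attacker"
    return "IPv6 not enabled: not affected"
```

Feed it the raw output of the per-platform check command named in the section above; the result is a starting point for inventory, not a substitute for the Fixed Software table.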

Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability

A vulnerability in the web interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to perform limited configuration changes. The vulnerability is due to missing access controls in some of the web ...

Cisco Immunet Antimalware Installer DLL Preloading Vulnerability

An untrusted search path vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the ...

Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability

A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and r...

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation.

An attacker could exploit this vulnerabilit...

Cisco ASR 5000 and ASR 5500 TACACS Denial of Service Vulnerability

A vulnerability in the TACACS protocol implementation of the Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (Do...

Vulnerability in Samba Affecting Cisco Products: May 2017

On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system. This vulnerability has been assigned CVE ID CV...

Cisco Hybrid Media Service Privilege Escalation Vulnerability

A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. The vulnerability is due to incorrect installation and permissi...

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition...

Cisco Secure Access Control System SQL Injection Vulnerability

Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access ...