Tag: Cisco Inc

Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability

A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is...

Cisco ASA Content Security and Control Security Services Module Denial of...

A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instabi...

Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability

A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and r...

Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) message handling process of Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. T...

Encryption project issues 1 million free digital certificates in three months

Let's Encrypt, an organization set up to encourage broader use of encryption on the Web, has distributed 1 million free digital certificates in just three months. The digital certificates cover 2.5 million domains, most of which had never implemented SSL/TLS (Secure Sockets Layer/Transport Layer Security), which encrypts content exchanged between a system and a user.

An encrypted connection is signified in most browsers by "https" and a padlock appearing in the URL bar. "Much more work remains to be done before the Internet is free from insecure protocols, but this is substantial and rapid progress," according to a blog post by the Electronic Frontier Foundation, one of Let's Encrypt's supporters. The organization is run by the ISRG (Internet Security Research Group) and is backed by Mozilla, Cisco, Akamai, Facebook and others. There's been a push in recent years to encourage websites to implement SSL/TLS, driven in part by a rise in cybercrime, data breaches and government surveillance. Google, Yahoo, and Facebook have all taken steps to secure their services. SSL/TLS certificates are sold by major players such as Verisign and Comodo, with certain types of certificates costing hundreds of dollars and needing periodic renewal.

Critics contend the cost puts off some website operators, which is in part why Let's Encrypt launched a free project. "It is clear that the cost and bureaucracy of obtaining certificates was forcing many websites to continue with the insecure HTTP protocol, long after we've known that HTTPS needs to be the default," the EFF wrote.

Trivial path for DDoS amplification attacks found by infosec bods

600,000 servers are vulnerable to this little-known protocol

Security researchers have discovered a new vector for DDoS amplification attacks – and it's quite literally trivial. Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years. Researchers at Edinburgh Napier University have discovered that the TFTP protocol (Trivial File Transfer Protocol) might be abused in a similar way.

Unlike DNS and NTP, TFTP has no business being exposed on internet-facing systems. Yet port scanning research indicated that there are about 599,600 publicly open TFTP servers. That’s bad in itself but the situation gets worse: the researchers discovered that TFTP offers a higher amplification factor than other internet protocols.

“The discovered vulnerability could allow hackers to use these publicly open servers to amplify their traffic, similarly to other DDoS amplification attacks like DNS amplification. If all specific conditions are met this traffic can be applied up to 60 times the original amount,” researcher Boris Sieklik told El Reg. “I also studied effects of this attack on different TFTP software implementations and found that most implementations automatically retransmit the same message up to six times, which also contributes to the amplification.”

The TFTP protocol (Trivial File Transfer Protocol) is a simplified version of FTP (File Transfer Protocol). It is generally used in internal networks and in environments where OS image transfers are required regularly.

For instance, Cisco uses TFTP to send OS images to the VoIP phones, and it can also be used by all Cisco equipment to update firmware or to transfer files as part of schemes to provide centralised storage of these images.

The technology is also widely used during PXE booting of machines. Essentially, any file can be transferred by TFTP.

Attackers could use this vulnerability to perform large amplification attacks to both external and internal targets, Sieklik warns. Sieklik worked together with Richard Macfarlane and Prof. William Buchanan, both of Edinburgh Napier University, in putting together the research, which also looked at ways to mitigate potential attacks and possible countermeasures.

DDoS reflection/amplification attacks in general allow an attacker to magnify the amount of traffic they can generate. Sending a dodgy request with a forged return address in the name of an intended target can generate a response, much bigger in size than the original request, hence the amplification terminology. The trick ultimately relies on using misconfigured services at third-party sites in order to flood targeted websites with junk responses to forged web requests. Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years, the most high profile of which battered Spamhaus and buffeted internet exchanges back in March 2013.

Something along the same lines might be possible, at least in theory, when it comes to TFTP, the researchers warn.

The computer scientists are unable to point to specific examples of DDoS attacks based on TFTP. More details of the research were published in the March edition of publisher Elsevier’s Computers & Security journal.

Cisco issues critical patch for Nexus switches to remove hardcoded credentials

Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices. The account is created at installation...

Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability

A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the c...

Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX...

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials...

A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user...

Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an ...

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager (UCDM) Software could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insuff...