Cisco patches six vulnerabilities

By Sarah Morgan

A total of six vulnerabilities in Cisco hardware and software products have been revealed and patched by the company. Security advisories and updates have been issued for several products.

The following products are vulnerable to one or more of three vulnerabilities in Cisco IPS products:

• Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module (AIP SSM)
• Cisco ASA 5500-X Series IPS Security Services Processor (IPS SSP) software and hardware modules
• Cisco ASA 5505 Advanced Inspection and Prevention Security Services Card (AIP SSC)
• Cisco IPS 4200 Series Sensors
• Cisco IPS 4300 Series Sensors
• Cisco IPS 4500 Series Sensors

New vulnerabilities – denial of service

• Cisco IPS Analysis Engine Denial of Service Vulnerability
• Cisco IPS Control-Plane MainApp Denial of Service Vulnerability
• Cisco IPS Jumbo Frame Denial of Service Vulnerability

Note: Some of the products can be attacked remotely without authentication, so updates are urgently needed.

The second advisory describes an unauthorised access vulnerability in the Cisco Unified SIP Phone 3905. By exploiting this vulnerability, an unauthenticated, remote attacker could gain root-level access to your affected device. Cisco Unified SIP Phone 3905 Firmware versions prior to 9.4(1) are affected.

The third advisory concerns Cisco Unified Computing System (UCS) Director Software versions prior to Cisco UCS Director Release 4.0.0.3 HOTFIX. A vulnerability in the UCS Director could allow an unauthenticated, remote attacker to take complete control of your affected device.

The last advisory concerns Cisco Firewall Services Module (FWSM) Software. The vulnerability is a race condition during memory de-allocation. An attacker, by sending the proper traffic to the module, could cause the software to reload. Repeated exploitation would cause a denial of service in the software. FWSM versions 3.1, 3.2, 4.0, and 4.1 are affected.

For more information read Larry Seltzer’s full article on ZDNet.com

About the Author:        

Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.