Cisco IOS Multiple Vulnerabilities
Secunia Advisory: SA36835
Release Date: 2009-09-24
Popularity: 2,588 views

Critical: Moderately critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Cisco IOS 12.x, Cisco IOS R12.x, Cisco IOS XE 2.1.x, Cisco IOS XE 2.2.x, Cisco IOS XE 2.3.x

Advisory Content (Page 1 of 3)

Description:
Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable device.

1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests.

Successful exploitation may allow execution of arbitrary code.

2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established.

Successful exploitation requires that the IKE certificate based authentication method is used.

3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets.

Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding.

4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies.

5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets.

Successful exploitation requires that H.323 is enabled (disabled by default).

6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload.

For more information:
SA36836

7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces).

8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists.

9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet.

10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet.
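To triage exposure to item 3, the following added example (not part of the Secunia advisory or any Cisco tooling) scans a saved running-config for the tunnel types and the Cisco Express Forwarding precondition the advisory names. The sample config is constructed, the keyword-to-tunnel-type mapping is this example's assumption, and CEF is assumed enabled unless `no ip cef` appears.

```python
import re

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip cef
!
vpdn enable
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.10
!
interface Tunnel1
 tunnel mode ipv6ip
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

# Assumed mapping of IOS "tunnel mode" keywords to the tunnel types in item 3.
TUNNEL_MODES = {
    "ipip": "IPinIP",
    "ipv6ip": "IPv6 over IP",
    "ipv6": "Generic Packet Tunneling in IPv6",
}

def tunnel_exposure(config: str) -> dict:
    """Report which item 3 preconditions a running-config satisfies."""
    found = set()
    # Each top-level (unindented) line starts a block; its children are indented.
    for block in re.split(r"(?m)^(?=\S)", config):
        head = block.split("\n", 1)[0]
        if re.match(r"interface Tunnel\d+", head):
            m = re.search(r"(?m)^\s+tunnel mode (.+?)\s*$", block)
            mode = m.group(1) if m else "gre ip"  # a tunnel with no mode line is GRE
            if mode.startswith("gre"):
                found.add("GRE")
            elif mode in TUNNEL_MODES:
                found.add(TUNNEL_MODES[mode])
        elif head.startswith("vpdn-group") and re.search(r"(?m)^\s+protocol pptp\b", block):
            found.add("PPTP")
    cef = not re.search(r"(?m)^no ip cef\b", config)  # assumption: on unless disabled
    return {"tunnels": sorted(found), "cef": cef, "exposed": bool(found) and cef}
```

A device flagged `exposed` still needs its IOS release checked against the vendor patch information; the script only confirms that the configuration preconditions are present.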

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  