Information Security


Multiple security vulnerabilities in Cisco IOS, Cisco 10000, uBR10012, uBR7200 and Cisco UCM
Published: September 29, 2008
Source:
SecurityVulns ID: 9312
Type: remote
Threat level: 7/10
Description: DoS via L2TP, MPLS, IPS, SIP; SSL issues; information leak; multiple multicast issues; vulnerabilities in NAT SCP and IOS Software firewall application inspection.
Affected products: CISCO : IOS 12.0
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : Unified Communications Manager 4.2
 CISCO : Unified Communications Manager 4.3
 CISCO : Unified Communications Manager 5.1
 CISCO : Unified Communications Manager 6.1
 CISCO : Cisco 10000
 CISCO : Unified Communications Manager 4.1
 CISCO : Cisco uBR10012
 CISCO : Cisco uBR7200
CVE: CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.)
 CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.)
 CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810.)
 CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.)
 CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.)
 CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.)
 CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806.)
 CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used.)
 CVE-2008-3803 (A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.)
 CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.)
 CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.)
 CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages.)
 CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.)
 CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447.)
Original text: CISCO, Cisco Security Advisory: Cisco uBR10012 Series Devices SNMP Vulnerability (29.09.2008)
 CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities (29.09.2008)
 CISCO, Cisco Security Advisory: Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability (29.09.2008)
 CISCO, Cisco Security Advisory: Cisco IOS IPS Denial of Service Vulnerability (29.09.2008)
 CISCO, Cisco Security Advisory: Cisco IOS MPLS VPN May Leak Information (29.09.2008)
 CISCO, Cisco Security Advisory: Multiple Multicast Vulnerabilities in Cisco IOS Software (29.09.2008)
 CISCO, Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities (29.09.2008)
 CISCO, Cisco Security Advisory: Cisco IOS Software Firewall Application Inspection Control Vulnerability (29.09.2008)
 CISCO, Cisco Security Advisory: Cisco IOS NAT Skinny Call Control Protocol Vulnerability (29.09.2008)
 CISCO, Cisco Security Advisory: Cisco IOS MPLS Forwarding Infrastructure Denial of Service Vulnerability (29.09.2008)
 CISCO, Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet (29.09.2008)
 CISCO, Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability (29.09.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod