Information Security


Code execution in Cisco AsyncOS
Published: March 20, 2014
Source:
SecurityVulns ID: 13614
Type: remote
Severity: 8/10
Description: Code execution when checking an e-mail message.
Affected products: CISCO : AsyncOS 8.1
CVE: CVE-2014-2119 (The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.)
Files: Cisco AsyncOS Software Code Execution Vulnerability

Authentication bypass in Cisco SMB routers
Published: March 20, 2014
Source:
SecurityVulns ID: 13615
Type: remote
Severity: 6/10
Description: Authentication can be bypassed when accessing the web interface.
Affected products: CISCO : Cisco RV110W
 CISCO : Cisco RV215W
 CISCO : Cisco CVR100W
CVE: CVE-2014-0683 (The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.)
Original text: Gustavo Speranza, [CVE-2014-0683] Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure (20.03.2014)
Files: Cisco Small Business Router Password Disclosure Vulnerability

Multiple vulnerabilities in Cisco Wireless LAN Controller
Published: March 20, 2014
Source:
SecurityVulns ID: 13616
Type: remote
Severity: 7/10
Description: Memory corruption, race conditions, DoS.
Affected products: CISCO : Catalyst 6500
 CISCO : Cisco 500
 CISCO : Cisco 2100
 CISCO : Cisco 4100
 CISCO : Cisco 5500
 CISCO : Catalyst 7600
 CISCO : Cisco 4400
 CISCO : Cisco 2000
 CISCO : Catalyst 3750G
 CISCO : Cisco 2500
 CISCO : Cisco Flex 7500
 CISCO : Cisco 8500
 CISCO : Cisco Virtual Wireless Controller
 CISCO : Catalyst WiSM2
 CISCO : Catalyst NME-AIR-WLC
 CISCO : Catalyst NM-AIR-WLC
CVE: CVE-2014-0707 (Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.)
 CVE-2014-0706 (Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.)
 CVE-2014-0705 (The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.)
 CVE-2014-0704 (The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240.)
 CVE-2014-0703 (Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.)
 CVE-2014-0701 (Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.)
Files: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Unauthorized access to Cisco Unified SIP Phone 3905
Published: March 20, 2014
Source:
SecurityVulns ID: 13617
Type: remote
Severity: 6/10
Description: Undocumented service on port TCP/7870.
Affected products: CISCO : Unified SIP Phone 3905
CVE: CVE-2014-0721 (The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.)
Files: Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905

Default account in Cisco UCS Director
Published: March 20, 2014
Source:
SecurityVulns ID: 13618
Type: remote
Severity: 6/10
Description: The root account is accessible via SSH.
Affected products: CISCO : UCS Director 4.0
CVE: CVE-2014-0709 (Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.)

Multiple security vulnerabilities in Cisco Intrusion Prevention System
Published: March 20, 2014
Source:
SecurityVulns ID: 13619
Type: remote
Severity: 6/10
Description: Several different DoS conditions.
Affected products: CISCO : Cisco ASA 5500
 CISCO : Cisco ASA 4200
 CISCO : Cisco ASA 4300
 CISCO : Cisco ASA 4500
CVE: CVE-2014-0720 (Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944.)
 CVE-2014-0719 (The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394.)
 CVE-2014-0718 (The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266.)
Files: Multiple Vulnerabilities in Cisco IPS Software

DoS against Cisco Firewall Services Module
Published: March 20, 2014
Source:
SecurityVulns ID: 13620
Type: remote
Severity: 5/10
Description: Race condition in the cut-through proxy functionality.
Affected products: CISCO : Catalyst 6500
 CISCO : Catalyst 7600
CVE: CVE-2014-0710 (Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824.)
Files: Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod