
SANS ISC: InfoSec Handlers Diary Blog - Two New Cisco Vulnerabilities InfoSec Handlers Diary Blog



Two New Cisco Vulnerabilities

Published: 2008-01-23
Last Updated: 2008-01-24 01:17:54 UTC
by Toby Kohlenberg (Version: 1)

Cisco released two advisories today, one for a risk of leaving a root account without a password in the Cisco Application Velocity System (AVS) and one for a potential DoS (forced reload) of the PIX 500 series and the Adaptive Security Appliance (ASA) for the Cisco 5500 series.

AVS versions prior to 5.1.0 do not prompt users to change the system password during initial configuration, which potentially leaves you with a privileged account without a password. The CVE ID for this is CVE-2008-0029, and full details can be found here:

http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml

The PIX and ASA are vulnerable to a specially crafted packet when the TTL decrement feature is enabled. The CVE ID for this is CVE-2008-0028, and full details can be found here:

http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml
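
A quick exposure check for the PIX/ASA issue, as an added example that is not part of the original diary or Cisco's advisory: it assumes the TTL decrement feature shows up in a saved running-config as `set connection decrement-ttl` under a policy-map class, and reports whether each such policy is actually bound with `service-policy`. The sample config and the function name are constructed for illustration.

```python
# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
class-map TTL_CLASS
 match any
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
 class TTL_CLASS
  set connection decrement-ttl
policy-map unused_policy
 class class-default
  set connection decrement-ttl
!
service-policy global_policy global
"""


def find_decrement_ttl(config):
    """Return (policy_map, class, bindings) for each class enabling decrement-ttl.

    bindings lists the service-policy attachments ("global" or
    "interface <name>"); an empty list means the policy is defined but unused.
    """
    bindings = {}          # policy-map name -> where it is applied
    hits = []              # (policy-map, class) pairs with the feature on
    policy = cls = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue       # skip blank lines and "!" separators
        words = line.split()
        if line[0] != " ":                     # top-level command
            policy = cls = None
            if words[0] == "policy-map" and len(words) == 2:
                policy = words[1]              # layer 3/4 policy map only
            elif words[0] == "service-policy" and len(words) >= 3:
                bindings.setdefault(words[1], []).append(" ".join(words[2:]))
        elif policy:                           # inside a layer 3/4 policy map
            if words[0] == "class" and len(words) == 2:
                cls = words[1]
            elif cls and words[:3] == ["set", "connection", "decrement-ttl"]:
                hits.append((policy, cls))
    return [(p, c, bindings.get(p, [])) for p, c in hits]


if __name__ == "__main__":
    for pmap, cmap, where in find_decrement_ttl(SAMPLE_CONFIG):
        state = "applied: " + ", ".join(where) if where else "defined but not applied"
        print(f"{pmap} / {cmap}: decrement-ttl enabled ({state})")
```

A finding with a non-empty binding list is the case to check against the fixed releases listed in the Cisco advisory.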
