Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: CISCO Security Advisories - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CISCO Security Advisories

 CISCO has released a number of security advisories.   The following table summarises the information.  for more details check out the full advisory on the CISCO site. 

#

Product

CVSS Score

Base/Temp

Impact

Work Around/Fix

Mitigation

Exploit avail?

cisco-sa-20090923-cm*

Unified Communications Manager

7.8 / 6.4

DOS

reload of device

N / Y

Filter 5060/5061 on screening devices

Not known

cisco-sa-20090923-acl

IOS

4.3 / 3.6

Unauth access to protected resources

N / Y

Disable Object Groups for ACL feature

Not known

cisco-sa-20090923-cme*

Unified Communications Manager Express

7.6 /6.3

Code execution/DOS

N / Y

Disable Extension Mobility

Not known

cisco-sa-20090923-h323*

IOS

7.8 / 6.4

H.323 DOS Reload of device

N / Y

Disable H.323

Not known

cisco-sa-20090923-ios-fw*

IOS-FW

7.8 / 6.4

DOS

reload of device

Y / Y

Disable SIP Inspection

Not known

cisco-sa-20090923-ntp

IOS

7.8 / 6.4

DOS

reload of device

N / Y

Disable NTP

Not known

cisco-sa-20090923-sip*

IOS

7.8 / 6.4

DOS

reload of device

N / Y

Disable SIP 

Not known

cisco-sa-20090923-ipsec

IOS-IPSEC

7.8 / 6.4

DOS

exhaust all SAs

N / Y

None

Not known

cisco-sa-20090923-tls**

IOS

(ASA is not vulnerable)

7.8 / 6.4

DOS

reload of device

N / Y

Disable web VPN, protect SSH access

Not known

cisco-sa-20090923-auth-prox

IOS

7.1 / 5.9

Auth Bypass

N / Y

None

Not known

cisco-sa-20090923-tunnels

IOS

7.1 / 5.9

DOS

reload of device

Y / Y

Disable CISCO express Forwarding

Not known

 *Issues are VoIP related so may not apply to you 
** Possible the more urgent one as a specific packet sent to the device will cause it to reload.  

For more information on the CVSS score see http://nvd.nist.gov/cvss.cfm?vectorinfo make sure you apply your site specific modifiers to get a score relevant to your organisation.

As always, test, test again and have a backout plan before applying updates.

 

Mark H 

 Mark

392 Posts
ISC Handler
Sep 24th 2009
Thread locked Subscribe Sep 24th 2009
1 decade ago
I am a bit confused by the information in the table. Doesn't the Mitigation information supplied suggest that a Workaround is available? Can anyone help clear this up for me please? Thanks in advance.
 Anonymous
Quote Sep 24th 2009
1 decade ago
Good question. I considered a work around as something you can do which will allow you to continue using the function, but not be vulnerable.
The mitigation is how do I make the device safe, but not necessarily use the function. From the mitigations in the table, most of them are "Switch it off" Not vulnerable, but I can't use it for that function. - M
Mark

392 Posts
ISC Handler
Quote Sep 25th 2009
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!