| # | Description / Workaround | Impact/CVE(s) | Exploit | Cisco Rating (Base) | Cisco Rating (Temp) | Workaround/Fix | ISC Rating* | Handler Comments |
|---|---|---|---|---|---|---|---|---|
| cisco-sa-20080924-iosips | The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use the SERVICE.DNS engine. This vulnerability may cause a router to crash or hang, resulting in a denial of service condition. | IOS IPS<br>CVE-2008-2739 | None known | 7.8 | 6.4 | Y/Y | Critical | Cisco IDS is not affected. |
| cisco-sa-20080924-ssl | A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.<br>Disable services (secure-server, webvpn, or OSP settlement). Limit exposure via ACL. | IOS SSL<br>CVE-2008-3798 | None known | 7.8 | 6.4 | Y/Y | Critical | This affects devices managed using SSL as well. The workaround will disable this. |
| cisco-sa-20080924-sip | Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device.<br>Disable services if not needed or limit exposure via ACL. | DOS<br>CVE-2008-3800<br>CVE-2008-3801<br>CVE-2008-3802 | None known | 7.8 | 6.4 | Y/Y | Important | SIP can use UDP -> the src_IP is spoofable, which may negate the effects of an ACL intended to limit your exposure. |
| cisco-sa-20080924-cucm | Cisco Unified Communications Manager, formerly Cisco Unified CallManager, contains two denial of service (DoS) vulnerabilities in the Session Initiation Protocol (SIP) service. An exploit of these vulnerabilities may cause an interruption in voice services. | DOS<br>CVE-2008-3800<br>CVE-2008-3801 | None known | 7.1<br>7.8 | 5.9<br>6.4 | Y/Y | Critical | SIP can use UDP -> the src_IP is spoofable, which may negate the effects of an ACL intended to limit your exposure. Can be triggered with valid SIP messages. CUCM versions > 5.x have SIP enabled by default and it cannot be disabled. |
| cisco-sa-20080924-vpn | Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs. | Data Leak<br>CVE-2008-3803 | None known | 5.1 | 4.3 | Y/Y | Important | A bug exists when processing extended communities with MPLS VPNs. If extended communities are used, MPLS VPN may incorrectly use a corrupted route target (RT) to forward traffic. If this occurs, traffic can leak from one MPLS VPN to another. |
| cisco-sa-20080924-mfi | Cisco IOS Software Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) is vulnerable to a Denial of Service (DoS) attack from specially crafted packets. Only the MFI is affected by this vulnerability. The older Label Forwarding Information Base (LFIB) implementation, which is replaced by MFI, is not affected. | DOS<br>CVE-2008-3804 | None known | 7.8 | 6.4 | N/Y | Critical | An attacker needs to have access to the MPLS network through an MPLS-enabled interface. MPLS packets are dropped on interfaces that are not configured for MPLS. No workaround. |
| cisco-sa-20080924-ipc | Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices.<br>Filter packets that are sent to 127.0.0.0/8 and towards UDP port 1975. | DOS<br>CVE-2008-3805 | None known | 8.5 | 7 | Y/Y | Critical | An attacker needs to get a packet with a destination address in the 127.0.0.0/8 range to the router, which implies being directly connected or the use of a default route. |
| cisco-sa-20080924-ubr | Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device.<br>Change the community string. | DOS<br>CVE-2008-3807 | None known | 10 | 8.3 | Y/Y | PATCH NOW | When linecard redundancy is enabled on a Cisco uBR10012 series device, SNMP is also automatically enabled with a default community string of private that has read/write privileges. Since there are no access restrictions on this community string, it may be exploited by an attacker to gain complete control of the device. SNMP can use UDP -> the src_IP is spoofable, which may negate the effects of an ACL intended to limit your exposure. |
| cisco-sa-20080924-multicast | Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition.<br>Specify trusted PIM neighbors and/or enable infrastructure ACLs to limit exposure. | DOS<br>CVE-2008-3809 | None known | 7.8 | 6.4 | Y/Y | PATCH NOW | PIM src_IP is spoofable, which may negate the effects of an ACL intended to limit your exposure. |
| cisco-sa-20080924-sccp | A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload. | DOS<br>CVE-2008-3810<br>CVE-2008-3811 | None known | 7.8 | 6.4 | Y/Y | PATCH NOW | Infrastructure ACLs and on-device ACLs should be viable mitigations but are not mentioned in the Cisco advisory. Moving the port from the default of 2000 would also make this a bit harder to exploit. You would need to modify the port on both the call manager and the IOS device supporting SCCP. |
| cisco-sa-20080924-iosfw | Cisco IOS software configured for IOS firewall Application Inspection Control (AIC) with a HTTP configured application-specific policy is vulnerable to a Denial of Service when processing a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device. | DOS<br>CVE-2008-3812 | None known | 7.8 | 6.4 | N/Y | PATCH NOW | No workaround other than disabling HTTP Deep Packet Inspection. |
| cisco-sa-20080924-l2tp | Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable.<br>Enable infrastructure ACLs to limit exposure. | DOS<br>CVE-2008-3813 | None known | 7.8 | 6.4 | Y/Y | Critical | L2TP can use UDP -> the src_IP is spoofable, which may negate the effects of an ACL intended to limit your exposure. |