Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cisco Security Advisories 20 JUN 2012 SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Security Advisories 20 JUN 2012

Cisco issued three security advisories today, 20 JUN 2012; two are new, one is an update.

  1. NEW: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
    Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device.
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-asaipv6
  2. NEW: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
    The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities:
    Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability
    Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability
    Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability
    Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader Arbitrary Code Execution Vulnerability
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
  3. UPDATED: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
    A vulnerability exists in Cisco Application Control Engine (ACE) software.  Administrative users may be logged into an unintended context (virtual instance) on the ACE when running in multicontext mode.
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace

Russ McRee | @holisticinfosec

 

 Russ McRee

201 Posts
ISC Handler
Jun 21st 2012
Thread locked Subscribe Jun 21st 2012
9 years ago
My co-worker Rutger pointed out that the advisory states: "any system which trusts Cisco's signing certificate chain may be impacted, even if Cisco AnyConnect Secure Mobility Client has never been installed on the system."

So it is wise to implement the suggested workarounds which consists of killbits for the ActiveX controls and blacklisting the SHA-1 hashes of the vulnerable .jar files.
 Anonymous
Quote Jun 26th 2012
9 years ago

Sign Up for Free or Log In to start participating in the conversation!