SANS ISC InfoSec Forums: Cisco Security Advisories 20 JUN 2012

Cisco issued three security advisories today, 20 JUN 2012; two are new, one is an update.

  1. NEW: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
    Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device.
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-asaipv6
  2. NEW: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
    The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities:
    Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability
    Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability
    Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability
    Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader Arbitrary Code Execution Vulnerability
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
  3. UPDATED: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
    A vulnerability exists in Cisco Application Control Engine (ACE) software. Administrative users may be logged into an unintended context (virtual instance) on the ACE when running in multicontext mode.
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace

Russ McRee | @holisticinfosec


Russ McRee

184 Posts
ISC Handler
My co-worker Rutger pointed out that the advisory states: "any system which trusts Cisco's signing certificate chain may be impacted, even if Cisco AnyConnect Secure Mobility Client has never been installed on the system."

So it is wise to implement the suggested workarounds, which consist of killbits for the ActiveX controls and blacklisting the SHA-1 hashes of the vulnerable .jar files.
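The second half of that workaround, blocking known-bad .jar files by SHA-1, is easy to turn into a host check. The script below is an added example written for this diary, not code from Cisco or from the ISC; the hash values it carries are placeholders (the real ones are in cisco-sa-20120620-ac), and the directory tree it scans is constructed inside the script so it runs offline. It hashes every .jar under a root, compares the digest against a blocklist, and reports matches by content rather than by file name, so a renamed copy is still caught.

```python
"""Added example (not from the ISC diary or from Cisco): a SHA-1 blocklist scanner
for .jar files, the host-side check implied by the "blacklist the SHA-1 hashes of
the vulnerable .jar files" workaround. Hashes below are PLACEHOLDERS, not the
values published in cisco-sa-20120620-ac."""
import hashlib
import os
import tempfile
from pathlib import Path

# PLACEHOLDER blocklist: replace with the SHA-1 hashes listed in the Cisco advisory.
BLOCKLISTED_SHA1 = {
    "0" * 40,  # placeholder entry, not a real hash
}


def sha1_of_file(path, chunk_size=65536):
    """Stream the file through SHA-1 so large jars do not need to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_blocklisted_jars(root, blocklist=BLOCKLISTED_SHA1):
    """Walk `root` and return a sorted list of (path, sha1) for .jar files whose
    SHA-1 appears in `blocklist`. The extension check is case-insensitive and the
    match is on content, so a renamed vulnerable downloader is still reported."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            if sha1_of_file(path) in blocklist:
                hits.append((path, sha1_of_file(path)))
    return sorted(hits)


def demo():
    """Constructed sample tree: one 'vulnerable' jar whose SHA-1 goes on the
    blocklist, a renamed copy of it in a subdirectory, one benign jar, and a .txt
    with the bad bytes (ignored, since only .jar files are in scope).
    Returns the matching paths relative to the temp root, POSIX-style."""
    bad_bytes = b"PK\x03\x04constructed-vulnerable-downloader"
    good_bytes = b"PK\x03\x04constructed-benign-jar"
    blocklist = {hashlib.sha1(bad_bytes).hexdigest()}  # constructed, not Cisco's
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "vpndownloader.jar").write_bytes(bad_bytes)
        Path(tmp, "sub").mkdir()
        Path(tmp, "sub", "renamed.JAR").write_bytes(bad_bytes)
        Path(tmp, "sub", "ok.jar").write_bytes(good_bytes)
        Path(tmp, "notes.txt").write_bytes(bad_bytes)
        hits = find_blocklisted_jars(tmp, blocklist)
        return [Path(os.path.relpath(p, tmp)).as_posix() for p, _ in hits]


if __name__ == "__main__":
    for rel in demo():
        print("blocklisted jar:", rel)
```

Point `find_blocklisted_jars` at the Java cache and the AnyConnect install directory on a host and feed it the advisory's hashes. The killbit half of the workaround is a registry change (the `Compatibility Flags` DWORD set to 0x400 under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}`), and the CLSIDs to use come from the advisory, so it is not reproduced here.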