Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: Cisco Security Advisories - 29FEB2011 SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Security Advisories - 29FEB2011

 Cisco has issued five security advisories today, including:

 

Adverse conditions include DoS, directory traversal, command injection, unauthenticated upload, privilege escalation, and protocol manipulation. Test and update as appropriate.

[Update (JBU) ] The "Skinny" vulnerability sounds interesting as it does allow the execution of SQL code on the device. SQL injection via Skinny is certainly an interesting attack vector. Another more serious vulnerability is the configuration access problem and access control bypass in wireless LAN controllers.

 

Russ McRee @holisticinfosec

 

Russ McRee

194 Posts
ISC Handler
Feb 29th 2012
Already seeing the Skinny SQL attack successfully hitting some of my client systems. The result was an ANY/ANY rule being created on the ASA... Get patching people!
Anonymous

Sign Up for Free or Log In to start participating in the conversation!