Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Multiple Cisco Security Notice - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Multiple Cisco Security Notice

"Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to fill the connection table in the ASA preventing new connections to be established through the device."[1]
"A vulnerability in the memory management when executing either the show monitor session all or show monitor session command-line interface (CLI) commands on the Cisco Unified Computing System (UCS) 6100 Series Fabric Interconnects could allow an authenticated, local attacker to trigger a memory leak."[2]
"A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash."[3]
"A vulnerability in Web Administrator Interface of Cisco Wireless LAN Controllers (WLC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition."[4]

[1] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3463
[2] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3467
[3] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3470
[4] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

441 Posts
ISC Handler
I am not able to find any more info about #1 other than the link provided.... (which doesn't give any details or software version remedies)...and I am also not seeing it listed here...

http://tools.cisco.com/security/center/publicationListing.x

Did this advisory get pulled after it was first published by any chance?
K-Dee

63 Posts
The other link we have is tools.cisco.com/security/center/… with:

Version Summary: Cisco Adaptive Security Appliance Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are available.
Guy

441 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!