September 24th, 2009
Cisco drops patches for serious IOS vulnerabilities
Cisco has released a peck of patches to cover multiple security flaws in its flagship Cisco IOS (originally Internetwork Operating System), warning that the bugs expose businesses to denial-of-service or policy bypass attacks.
In all, the networking vendor released 10 advisories covering Cisco IOS flaws and a separate alert for a vulnerability in the Cisco Unified Communications Manager.
This batch of patches covers vulnerabilities in the way Cisco IOS processes SIP, NTP, IKE, IP and H.323 tunnels.
- Cisco IOS Software Object-group Access Control List Bypass Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml
- Cisco IOS Software Authentication Proxy Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml
- Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml
- Cisco Unified Communications Manager Express Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml
- Cisco IOS Software H.323 Denial of Service Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml
- Cisco IOS Software Zone-Based Policy Firewall Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml
- Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml
- Cisco IOS Software Network Time Protocol Packet Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml
- Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml
- Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml
- Cisco IOS Software Tunnels Vulnerability
  http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.





