Cisco patches 12 vulnerabilities

By Staff Writers
Sep 29, 2008 12:32 PM
In an advisory, Cisco Systems notified users of 12 security patches to fix vulnerabilities in its Internetwork Operating System (IOS) Software and Unified Communications Manager.

All but one of the patches correct vulnerabilities in the IOS software. Each patch comes with an accompanying advisory describing the bug it fixes.

There have been no known instances of malicious use of the vulnerabilities described in the advisories, Jean Reese, senior manager of Cisco's product security incident response team (PSIRT), told SCMagazineUS.com Friday.

The vulnerabilities were discovered during internal testing and while handling customer service requests.

“This is the second time we have done a scheduled bundle and this is in direct response to feedback we have gotten from customers,” Reese said.

The next bundle of security patches is scheduled to be published in March 2009.

“We have a lot of different customers that use IOS across a myriad of products. We encourage customers to read the advisories,” Reese said.

Cisco rated the vulnerabilities using the Common Vulnerability Scoring System (CVSS), which ties the score to the core principles of confidentiality, integrity and availability.

Cisco's highest rated vulnerability, “uBR10012 Series Devices SNMP Vulnerability,” received a base score of 10. The lowest rated vulnerability, “Cisco IOS MPLS VPN May Leak Information,” received a base score of 5.1.

“Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device,” Cisco's advisory stated.

Symantec Corp.'s security level ThreatCon Rating went from an “elevated” level 2, where it was on Thursday, to a “low” level 1, Friday.

“Patches for the Cisco uBR10012 Router Default SNMP Community Vulnerability have been available for over 24 hours. DeepSight Threat Management System (TMS) Sensors have not registered any significant activity that can be verified as malicious,” Symantec said on its website.

Secunia, in a separate advisory, rated the vulnerabilities a 3 out of 5, which it calls "moderately critical."

The SANS Internet Storm Center rated four of the vulnerabilities at their highest threat level, "patch now," six of the vulnerabilities “critical,” and two “important.”

Secure Computing Magazine

 