CISCO Security Advisories

Published: 2009-09-23. Last Updated: 2009-09-24 01:24:05 UTC
by Mark Hofman (Version: 1)

CISCO has released a number of security advisories. The following table summarises the information. for more details check out the full advisory on the CISCO site.

#	Product	CVSS Score Base/Temp	Impact	Work Around/Fix	Mitigation	Exploit avail?
cisco-sa-20090923-cm*	Unified Communications Manager	7.8 / 6.4	DOS reload of device	N / Y	Filter 5060/5061 on screening devices	Not known
cisco-sa-20090923-acl	IOS	4.3 / 3.6	Unauth access to protected resources	N / Y	Disable Object Groups for ACL feature	Not known
cisco-sa-20090923-cme*	Unified Communications Manager Express	7.6 /6.3	Code execution/DOS	N / Y	Disable Extension Mobility	Not known
cisco-sa-20090923-h323*	IOS	7.8 / 6.4	H.323 DOS Reload of device	N / Y	Disable H.323	Not known
cisco-sa-20090923-ios-fw*	IOS-FW	7.8 / 6.4	DOS reload of device	Y / Y	Disable SIP Inspection	Not known
cisco-sa-20090923-ntp	IOS	7.8 / 6.4	DOS reload of device	N / Y	Disable NTP	Not known
cisco-sa-20090923-sip*	IOS	7.8 / 6.4	DOS reload of device	N / Y	Disable SIP	Not known
cisco-sa-20090923-ipsec	IOS-IPSEC	7.8 / 6.4	DOS exhaust all SAs	N / Y	None	Not known
cisco-sa-20090923-tls**	IOS (ASA is not vulnerable)	7.8 / 6.4	DOS reload of device	N / Y	Disable web VPN, protect SSH access	Not known
cisco-sa-20090923-auth-prox	IOS	7.1 / 5.9	Auth Bypass	N / Y	None	Not known
cisco-sa-20090923-tunnels	IOS	7.1 / 5.9	DOS reload of device	Y / Y	Disable CISCO express Forwarding	Not known

*Issues are VoIP related so may not apply to you
** Possible the more urgent one as a specific packet sent to the device will cause it to reload.

For more information on the CVSS score see http://nvd.nist.gov/cvss.cfm?vectorinfo make sure you apply your site specific modifiers to get a score relevant to your organisation.

As always, test, test again and have a backout plan before applying updates.

Mark H

Keywords:

2 comment(s)

Comments

I am a bit confused by the information in the table. Doesn't the Mitigation information supplied suggest that a Workaround is available? Can anyone help clear this up for me please? Thanks in advance.

Good question. I considered a work around as something you can do which will allow you to continue using the function, but not be vulnerable.
The mitigation is how do I make the device safe, but not necessarily use the function. From the mitigations in the table, most of them are "Switch it off" Not vulnerable, but I can't use it for that function. - M

Internet Storm Center

CISCO Security Advisories

Comments

Bloke

Sep 24th 2009
1 decade ago

Mark

Sep 25th 2009
1 decade ago

CISCO Security Advisories

Comments

Bloke

Sep 24th 20091 decade ago

Mark

Sep 25th 20091 decade ago

Sep 24th 2009
1 decade ago

Sep 25th 2009
1 decade ago