CISCO Security Advisories
CISCO has released a number of security advisories. The following table summarises the information. For more details, check out the full advisory on the CISCO site.
| # | Product | CVSS Score Base/Temp | Impact | Work Around/Fix | Mitigation | Exploit avail? |
|---|---------|----------------------|--------|-----------------|------------|----------------|
| | Unified Communications Manager | 7.8 / 6.4 | DOS reload of device | N / Y | Filter 5060/5061 on screening devices | Not known |
| | IOS | 4.3 / 3.6 | Unauth access to protected resources | N / Y | Disable Object Groups for ACL feature | Not known |
| | Unified Communications Manager Express | 7.6 / 6.3 | Code execution/DOS | N / Y | Disable Extension Mobility | Not known |
| | IOS | 7.8 / 6.4 | H.323 DOS Reload of device | N / Y | Disable H.323 | Not known |
| | IOS-FW | 7.8 / 6.4 | DOS reload of device | Y / Y | Disable SIP Inspection | Not known |
| | IOS | 7.8 / 6.4 | DOS reload of device | N / Y | Disable NTP | Not known |
| | IOS | 7.8 / 6.4 | DOS reload of device | N / Y | Disable SIP | Not known |
| | IOS-IPSEC | 7.8 / 6.4 | DOS exhaust all SAs | N / Y | None | Not known |
| | IOS (ASA is not vulnerable) | 7.8 / 6.4 | DOS reload of device | N / Y | Disable web VPN, protect SSH access | Not known |
| | IOS | 7.1 / 5.9 | Auth Bypass | N / Y | None | Not known |
| | IOS | 7.1 / 5.9 | DOS reload of device | Y / Y | Disable CISCO express Forwarding | Not known |
* Issues are VoIP related so may not apply to you.
** Possibly the more urgent one, as a specific packet sent to the device will cause it to reload.
For more information on the CVSS score see http://nvd.nist.gov/cvss.cfm?vectorinfo. Make sure you apply your site-specific modifiers to get a score relevant to your organisation.
As always, test, test again and have a backout plan before applying updates.
Mark H
Comments
Bloke
Sep 24th 2009
1 decade ago
The mitigation is how do I make the device safe, but not necessarily use the function. From the mitigations in the table, most of them are "Switch it off". Not vulnerable, but I can't use it for that function. - M
Mark
Sep 25th 2009
1 decade ago