Here’s a summary of the Cisco Security Advisories:
- Cisco AppDynamics Network Visibility Service DoS Vulnerability: An unauthenticated, local attacker could cause a denial of service (DoS) condition due to improper handling of unexpected input.
- Cisco Crosswork NSO Open Redirect Vulnerability: An unauthenticated, remote attacker could redirect a user to a malicious web page due to improper input validation of a parameter in an HTTP request.
- Cisco Crosswork NSO Privilege Escalation Vulnerability: An authenticated, local attacker could elevate privileges to root on an affected device because of a user-controlled search path used to locate executable files.
- Cisco Secure Client NAM Privilege Escalation Vulnerability: An unauthenticated attacker with physical access could elevate privileges to SYSTEM due to a lack of authentication on a specific function.
- Cisco Secure Email and Web Manager XSS Vulnerabilities: Multiple vulnerabilities could allow a remote attacker to conduct XSS attacks against users of the interface due to insufficient input validation.
- Cisco Secure Email Gateway HTTP Response Splitting Vulnerability: An unauthenticated, remote attacker could conduct an HTTP response splitting attack due to insufficient input validation of some parameters.
- Cisco Unified Communications Products API DoS Vulnerability: An unauthenticated, remote attacker could cause high CPU utilization and potentially impact access and call processing due to improper API authentication and incomplete validation of the API request.
Here’s a summary of the Cisco Security Advisories using bullet points for clarity:
- Cisco AppDynamics Network Visibility Service DoS Vulnerability:
- Unauthenticated, local attacker could cause a DoS condition.
- Due to the inability to handle unexpected input.
- No workarounds available; software updates have been released.
- Cisco Crosswork NSO Open Redirect Vulnerability:
- Unauthenticated, remote attacker could redirect users to a malicious web page.
- Caused by improper input validation of an HTTP request parameter.
- No workarounds; fixed software versions are available.
- Cisco Crosswork NSO Privilege Escalation Vulnerability:
- Authenticated, local attacker could elevate privileges to root.
- User-controlled search path used to locate executable files.
- No workarounds; software updates have been issued.
- Cisco Secure Client NAM Privilege Escalation Vulnerability:
- Unauthenticated attacker with physical access could elevate privileges to SYSTEM.
- Lack of authentication on a specific function.
- No workarounds; software updates have been released.
- Cisco Secure Email and Web Manager XSS Vulnerabilities:
- Multiple vulnerabilities could allow XSS attacks against interface users.
- Insufficient input validation.
- No workarounds; software updates have been provided.
- Cisco Secure Email Gateway HTTP Response Splitting Vulnerability:
- Unauthenticated, remote attacker could conduct an HTTP response splitting attack.
- Insufficient input validation of some parameters.
- No workarounds; software updates have been released.
- Cisco Unified Communications Products API DoS Vulnerability:
- Unauthenticated, remote attacker could cause high CPU utilization and DoS.
- Improper API authentication and incomplete validation of the API request.
- No workarounds; device recovers without manual intervention after the attack stops, and software updates are available.
For detailed information and software updates, please refer to the respective Cisco Security Advisories.
Related posts:
Cisco Secure Client Carriage Return Line Feed Injection Vulnerability
Vulnerabilities in Adobe Premiere Pro and Adobe Bridge founded
Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability
Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco
Leave a comment