Here’s a summary of the Cisco Security Advisories:
- Cisco AppDynamics Network Visibility Service DoS Vulnerability: An unauthenticated, local attacker could cause a denial of service (DoS) condition due to improper handling of unexpected input.
- Cisco Crosswork NSO Open Redirect Vulnerability: An unauthenticated, remote attacker could redirect a user to a malicious web page due to improper input validation of a parameter in an HTTP request.
- Cisco Crosswork NSO Privilege Escalation Vulnerability: An authenticated, local attacker could elevate privileges to root on an affected device because of a user-controlled search path used to locate executable files.
- Cisco Secure Client NAM Privilege Escalation Vulnerability: An unauthenticated attacker with physical access could elevate privileges to SYSTEM due to a lack of authentication on a specific function.
- Cisco Secure Email and Web Manager XSS Vulnerabilities: Multiple vulnerabilities could allow a remote attacker to conduct XSS attacks against users of the interface due to insufficient input validation.
- Cisco Secure Email Gateway HTTP Response Splitting Vulnerability: An unauthenticated, remote attacker could conduct an HTTP response splitting attack due to insufficient input validation of some parameters.
- Cisco Unified Communications Products API DoS Vulnerability: An unauthenticated, remote attacker could cause high CPU utilization and potentially impact access and call processing due to improper API authentication and incomplete validation of the API request.
Here’s a summary of the Cisco Security Advisories using bullet points for clarity:
- Cisco AppDynamics Network Visibility Service DoS Vulnerability:
- Unauthenticated, local attacker could cause a DoS condition.
- Due to the inability to handle unexpected input.
- No workarounds available; software updates have been released.
- Cisco Crosswork NSO Open Redirect Vulnerability:
- Unauthenticated, remote attacker could redirect users to a malicious web page.
- Caused by improper input validation of an HTTP request parameter.
- No workarounds; fixed software versions are available.
- Cisco Crosswork NSO Privilege Escalation Vulnerability:
- Authenticated, local attacker could elevate privileges to root.
- User-controlled search path used to locate executable files.
- No workarounds; software updates have been issued.
- Cisco Secure Client NAM Privilege Escalation Vulnerability:
- Unauthenticated attacker with physical access could elevate privileges to SYSTEM.
- Lack of authentication on a specific function.
- No workarounds; software updates have been released.
- Cisco Secure Email and Web Manager XSS Vulnerabilities:
- Multiple vulnerabilities could allow XSS attacks against interface users.
- Insufficient input validation.
- No workarounds; software updates have been provided.
- Cisco Secure Email Gateway HTTP Response Splitting Vulnerability:
- Unauthenticated, remote attacker could conduct an HTTP response splitting attack.
- Insufficient input validation of some parameters.
- No workarounds; software updates have been released.
- Cisco Unified Communications Products API DoS Vulnerability:
- Unauthenticated, remote attacker could cause high CPU utilization and DoS.
- Improper API authentication and incomplete validation of the API request.
- No workarounds; device recovers without manual intervention after the attack stops, and software updates are available.
For detailed information and software updates, please refer to the respective Cisco Security Advisories.
Leave a comment