ISC Diary

 Cisco has issued five security advisories today, including:

• Cisco Cius Denial of Service Vulnerability    
• Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities  
• Multiple Vulnerabilities in Cisco Unity Connection
• Multiple Vulnerabilities in Cisco Wireless LAN Controllers
• Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities 

Adverse conditions include DoS, directory traversal, command injection, unauthenticated upload, privilege escalation, and protocol manipulation. Test and update as appropriate.

[Update (JBU) ] The "Skinny" vulnerability sounds interesting as it does allow the execution of SQL code on the device. SQL injection via Skinny is certainly an interesting attack vector. Another more serious vulnerability is the configuration access problem and access control bypass in wireless LAN controllers.

Russ McRee @holisticinfosec