Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Multiple Cisco Security Notice - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Multiple Cisco Security Notice

"Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to fill the connection table in the ASA preventing new connections to be established through the device."[1]
"A vulnerability in the memory management when executing either the show monitor session all or show monitor session command-line interface (CLI) commands on the Cisco Unified Computing System (UCS) 6100 Series Fabric Interconnects could allow an authenticated, local attacker to trigger a memory leak."[2]
"A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash."[3]
"A vulnerability in Web Administrator Interface of Cisco Wireless LAN Controllers (WLC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition."[4]

[1] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3463
[2] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3467
[3] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3470
[4] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

414 Posts
ISC Handler
I am not able to find any more info about #1 other than the link provided.... (which doesn't give any details or software version remedies)...and I am also not seeing it listed here...

http://tools.cisco.com/security/center/publicationListing.x

Did this advisory get pulled after it was first published by any chance?
K-Dee

63 Posts Posts
The other link we have is tools.cisco.com/security/center/… with:

Version Summary: Cisco Adaptive Security Appliance Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are available.
Guy

414 Posts Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!