ID
VAR-E-200312-0060
TITLE
Multiple Cisco FWSM Vulnerabilities
Trust: 0.3
DESCRIPTION
Cisco has reported the following vulnerabilities in Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series and Cisco 7600 Series:
Cisco FWSM is prone to a buffer overrun vulnerability when handling HTTP Auth data. This would most likely result in a denial of service but could also potentially allow for arbitrary code execution (though this has not been confirmed).
Cisco FWSM has also been reported to be prone to denial of service attacks via SNMPv3 messages. This will cause a vulnerable device to reboot.
Both of these issues have been addressed in FWSM 1.1.3 and later for affected devices.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | firewall services module | scope: | eq | version: | 1.1.2 | Trust: 0.3 |
| vendor: | cisco | model: | firewall services module | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-x6380-nam | scope: | eq | version: | 76003.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-svc-nam-2 | scope: | eq | version: | 76003.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-svc-nam-1 | scope: | eq | version: | 76003.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-svc-nam-2 | scope: | eq | version: | 76002.2 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-svc-nam-1 | scope: | eq | version: | 76002.2 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-x6380-nam | scope: | eq | version: | 76002.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 65007.6(1) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 65007.5(1) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 65005.4.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-x6380-nam | scope: | eq | version: | 65003.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-svc-nam-2 | scope: | eq | version: | 65003.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-svc-nam-1 | scope: | eq | version: | 65003.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-svc-nam-2 | scope: | eq | version: | 65002.2 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-svc-nam-1 | scope: | eq | version: | 65002.2 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst ws-x6380-nam | scope: | eq | version: | 65002.1 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 6500 | Trust: 0.3 |
| vendor: | cisco | model: | firewall services module | scope: | ne | version: | 1.1.3 | Trust: 0.3 |
EXPLOIT
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
These issues were reported by Cisco.
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 9222 | Trust: 0.3 |
REFERENCES
| url: | http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml | Trust: 0.3 |
SOURCES
| db: | BID | id: | 9222 |
LAST UPDATE DATE
2022-07-27T09:29:11.431000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 9222 | date: | 2003-12-15T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 9222 | date: | 2003-12-15T00:00:00 |