VARIoT IoT vulnerabilities database
VAR-201112-0097 | CVE-2011-5007 | 3S CoDeSys CmpWebServer Component Buffer Overflow Vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201111-0008, VAR-E-201111-0006, VAR-E-201111-0009, VAR-E-201111-0007 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports six PLC programming languages under the IEC 61131-3 standard: IL, ST, FBD, LD, CFC and SFC. The GatewayService has an integer overflow: it uses the 32-bit value at offset 0x0c of the header to specify the size of the data to receive, and the program takes this value, adds 0x34 to it and allocates that amount of memory, which can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services that handles connections on port 8080. The function at 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. The way 3S CoDeSys handles the Content-Length value in an HTTP POST request can trigger a NULL pointer dereference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition.
VAR-201111-0006 | CVE-2011-1919 | GE Proficy Plant Application component remote stack buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. GE Proficy Plant is a smart factory solution that supports business decisions based on real-time plant data. A security vulnerability exists in multiple Proficy services, allowing an attacker to gain control of the system. A stack-based buffer overflow exists in the way GE Proficy Plant Applications components handle inbound TCP/IP messages. This vulnerability affects: (1) the Proficy Server Manager (PRProficyMgr.exe), which listens on TCP port 12293 by default; (2) the Proficy Service Gateway program (PRGateway.exe), which listens on TCP port 12294 by default; (3) the Proficy Remote Data Service (PRRDS.exe), which listens on TCP port 12299 by default; (4) the Proficy Server License Manager (PRLicenseMgr.exe), which listens on TCP port 12401 by default. GE Proficy Plant is prone to a remote stack buffer-overflow vulnerability.
An attacker could exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will result in the complete compromise of the affected computer.
TITLE:
Proficy Plant Applications Multiple Services Buffer Overflow
Vulnerabilities
SECUNIA ADVISORY ID:
SA46700
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46700/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46700
RELEASE DATE:
2011-11-02
DESCRIPTION:
Multiple vulnerabilities have been reported in Proficy Plant
Applications, which can be exploited by malicious people to
compromise a vulnerable system.
Please see the vendor's advisory for a list of affected versions.
SOLUTION:
Apply updates.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Luigi Auriemma via ZDI.
ORIGINAL ADVISORY:
GE (GEIP-11-02):
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-190001-1008 | No CVE | Pantech Link Mobile Browser Certificate Verification Security Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Pantech Link is a mobile phone with a 2.4" LCD screen and a full keyboard. SSL certificate parsing in the Pantech Link/P7040P browser contains a vulnerability: the "Basic Constraints" parameter of the certificates in the chain is not correctly checked. By signing a new certificate with a legitimate end-entity certificate, an attacker can obtain a "legitimate" certificate for any domain. For example: TrustedCA -> somedomain.com (legitimate certificate) -> api.someotherdomain.com (signed by somedomain.com). With this technique, any SSL communication using the api.someotherdomain.com certificate can be transparently intercepted. The browser of Pantech Link Phones is prone to a security weakness because it fails to verify SSL certificates presented by a remote server.
An attacker can exploit this weakness to masquerade as a legitimate server using a man-in-the-middle attack or to launch other attacks, such as phishing.
VAR-201301-0177 | CVE-2012-6500 | Directory traversal vulnerability in download.lib.php in Pragyan CMS |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. Pragyan CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks.
Pragyan CMS 3.0 is vulnerable; other versions may also be affected.
VAR-190001-0207 | No CVE | CiscoKits CCNA TFTP Write Command Remote Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
CertificationKits CiscoKits CCNA TFTP Server is a TFTP server that can be used to help prepare for the Cisco Certificate Exam. CertificationKits CiscoKits CCNA TFTP Server incorrectly verifies WRITE requests containing very long filenames, allowing an attacker to crash the service. CiscoKits CCNA TFTP Server is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users
VAR-190001-0663 | No CVE | CiscoKits CCNA TFTP 'Read' Command Directory Traversal Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
CertificationKits CiscoKits CCNA TFTP Server is a TFTP server that can be used to help prepare for the Cisco Certificate Exam. CertificationKits CiscoKits CCNA TFTP Server incorrectly handles read requests containing "../" sequences, allowing an attacker to read arbitrary files through a directory traversal attack. CiscoKits CCNA TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
VAR-190001-0584 | No CVE | Unknown vulnerabilities in the SAP J2EE engine |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
The SAP J2EE Engine Core is a core component of the SAP NetWeaver application platform. The SAP J2EE engine has security flaws that allow an attacker to compromise an enterprise computer system over the Internet.
The impact of this issue is currently unknown. We will update this BID when more information emerges
VAR-190001-0047 | No CVE | Vtiger CRM Multiple Local File Inclusion Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Vtiger CRM is a Web-based Customer Relationship Management (CRM) system built around Sales Force Automation (SFA). Multiple local file inclusion vulnerabilities exist in Vtiger CRM 5.2.1 and earlier. Because user-supplied input is not properly filtered, an attacker can exploit the vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the web server process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
Vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected.
VAR-190001-1055 | No CVE | Unknown Cross-Site Scripting Vulnerability in Hitachi Command Suite Products |
CVSS V2: - CVSS V3: - Severity: - |
Hitachi Command Suite is an integrated software suite for efficient management of virtualized storage and server infrastructure. Hitachi Command Suite has a cross-site scripting vulnerability. Because certain unspecified input is not filtered before being returned to the user, an attacker can use the vulnerability to conduct a cross-site scripting attack by constructing a malicious URI and inducing a user to load it, and thereby obtain sensitive information or hijack user sessions. Multiple Hitachi Command Suite Products, including Device Manager Software and Tiered Storage Manager Software, are prone to an unspecified cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
TITLE:
Hitachi Command Suite Products Unspecified Cross-Site Scripting
Vulnerability
SECUNIA ADVISORY ID:
SA48084
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48084/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48084
RELEASE DATE:
2012-02-21
DESCRIPTION:
A vulnerability has been reported in Hitachi Command Suite products,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Certain unspecified input is not properly sanitised before being
returned to the user.
SOLUTION:
Update to version 7.2.1-00.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HS12-008 (English):
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-008/index.html
HS12-008 (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-008/index.html
VAR-201112-0102 | CVE-2011-5012 | Reflection FTP Client Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
TITLE:
Attachmate Reflection FTP Client Response Processing Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA46879
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46879/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46879
RELEASE DATE:
2011-11-17
DESCRIPTION:
Protek Research Lab's has discovered a vulnerability in Reflection
for Secure IT, which can be exploited by malicious people to
compromise a user's system.
Successful exploitation allows execution of arbitrary code, but
requires tricking a user into connecting to a malicious server. Other versions may also be affected.
SOLUTION:
Do not connect to untrusted FTP servers.
PROVIDED AND/OR DISCOVERED BY:
Francis Provencher, Protek Research Lab's
ORIGINAL ADVISORY:
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29
VAR-190001-0418 | No CVE | Koha OPAC Multiple Cross-Site Scripting Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Koha is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the OPAC (Online Public Access Catalog) interface.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to Koha 3.4.2 are vulnerable.
VAR-201112-0335 | CVE-2011-4674 | ZABBIX 'only_hostid' parameter SQL injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. ZABBIX is a distributed network monitoring system with a client-server architecture. Because the application fails to adequately filter user-provided data before using it in SQL queries, an attacker can exploit the vulnerability to compromise the application, access or modify data, or exploit potential vulnerabilities in the underlying database. ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
ZABBIX versions 1.8.3 and 1.8.4 are vulnerable.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201311-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Zabbix: Multiple vulnerabilities
Date: November 25, 2013
Bugs: #312875, #394497, #428372, #452878, #486696
ID: 201311-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Zabbix, possibly leading to
SQL injection attacks, Denial of Service, or information disclosure.
Background
==========
Zabbix is software for monitoring applications, networks, and servers.
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/zabbix      < 2.0.9_rc1-r2           >= 2.0.9_rc1-r2
Description
===========
Multiple vulnerabilities have been discovered in Zabbix. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to execute arbitrary SQL statements,
cause a Denial of Service condition, or obtain sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Zabbix users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-analyzer/zabbix-2.0.9_rc1-r2"
References
==========
[ 1 ] CVE-2010-1277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277
[ 2 ] CVE-2011-2904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904
[ 3 ] CVE-2011-3263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263
[ 4 ] CVE-2011-4674
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674
[ 5 ] CVE-2012-3435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435
[ 6 ] CVE-2013-1364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364
[ 7 ] CVE-2013-5572
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201311-15.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VAR-201112-0313 | CVE-2011-3339 | Multiple SafeNet Products Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file. SafeNet provides software protection and certificate management products. The affected product, Sentinel HASP (previously Aladdin HASP SRM), is a digital certificate management program. 7T IGSS uses the SafeNet Sentinel HASP SDK for managing digital certificates. Special characters allow an attacker to build and inject HTML into a configuration file. Successful exploitation of the vulnerability allows an attacker to change the code in the configuration file. This vulnerability can be reproduced using Mozilla Firefox 2.0; it is not triggered by current versions of Mozilla Firefox, Microsoft Internet Explorer, Opera, or Google Chrome. SafeNet Sentinel HASP and 7T IGSS are prone to an HTML-injection vulnerability because they fail to properly sanitize user-supplied input.
Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
TITLE:
SafeNet Sentinel HASP Admin Control Center Script Insertion Weakness
SECUNIA ADVISORY ID:
SA47349
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47349/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47349
RELEASE DATE:
2011-12-22
DESCRIPTION:
A weakness has been reported in SafeNet Sentinel HASP Run-time
Environment, which can be exploited by malicious users to conduct
script insertion attacks.
Successful exploitation requires a victim to view injected data using
Mozilla Firefox version 2.0.
The weakness is reported in version 5.95 and prior.
SOLUTION:
Apply patch (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Carlos Mario Penagos Hollman, Synapse-labs.
ORIGINAL ADVISORY:
SafeNet:
http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf
VAR-190001-0555 | No CVE | Movicon 'dwmapi.dll' DLL Load arbitrary code execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Movicon is the first fully XML-based SCADA/HMI software, developed by the famous Italian automation software provider PROGEA. An arbitrary code execution vulnerability exists in the way Movicon 11.2 Build 1085 and other versions load dwmapi.dll. A remote attacker can exploit it by tricking a legitimate user into using the affected application to open a file on a network share that contains a specially crafted dynamic link library (DLL) file.
VAR-190001-0980 | No CVE | vtiger CRM 'class.phpmailer.php' Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
vtiger CRM is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application.
vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.
VAR-190001-0390 | No CVE | Hitachi JP1 / IT Resource Management Unidentified Security Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
An unspecified security vulnerability exists in Hitachi JP1/IT Resource Management. The vulnerability is related to authentication information; no further details are currently provided.
The impact of this issue is currently unknown. We will update this BID when more information emerges.
TITLE:
Hitachi JP1/IT Resource Management Authentication Information
Vulnerability
SECUNIA ADVISORY ID:
SA45469
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45469/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45469
RELEASE DATE:
2011-07-29
DESCRIPTION:
A vulnerability with an unknown impact has been reported in Hitachi
JP1/IT Resource Management. No further information is currently
available.
The vulnerability is reported in versions 09-10 through 09-10-03 and
09-11 through 09-11-02.
SOLUTION:
Update to version 09-50 2011.07.29
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-016/index.html
VAR-190001-0871 | No CVE | Sagem F@st Router Verification Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Sagem F@st routers are router products. The Sagem F@st routers (3304-V1 / 3304-V2 / 3464 / 3504) ship with a preconfigured root password that the ISP does not change by default; the ISP instead creates another administrative account. Because of a flaw in the algorithm, an attacker can exploit the vulnerability to obtain a user password and access the device. Multiple Sagem F@st routers are prone to a remote authentication-bypass vulnerability. Successful exploitation will completely compromise an affected device.
The following routers are affected:
Sagem F@st 3304
Sagem F@st 3464
Sagem F@st 3504
VAR-190001-0426 | No CVE | Multiple Vendors IPv6 Router Advertisement Guard Evasion Security Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Products from multiple vendors have security-bypass vulnerabilities that allow an attacker to bypass the security mechanisms built into the affected device. This may aid further attacks. Products from multiple vendors are prone to a security-bypass vulnerability.
VAR-190001-0671 | No CVE | D-Link DSL-2650U Remote Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The D-Link DSL-2650U is a routing device. The D-Link DSL-2650U does not properly handle HTTP requests submitted by users. A remote attacker can exploit the vulnerability to perform a denial of service attack on the device.
Attackers may leverage this issue to crash the Web server on the affected device, denying service to legitimate users.
D-Link DSL-2650U 1.20 is affected; other versions may also be vulnerable
VAR-201110-0246 | CVE-2011-3271 |
Cisco IOS Smart Install Remote Code Execution Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201109-0607 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165. Cisco IOS is prone to a remote code-execution service vulnerability.
An attacker can exploit this issue to execute arbitrary code with elevated privileges on affected devices. Successful exploits will completely compromise an affected device.
This issue is tracked by Cisco Bug ID CSCto10165. Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet interconnection.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds available to mitigate this vulnerability
other than disabling the Smart Install feature.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
This vulnerability only affects Cisco Catalyst Switches and Cisco
Integrated Services Routers with the Smart Install feature enabled.
Vulnerable Products
+------------------
Devices configured as a Smart Install client or director are affected
by this vulnerability. To display Smart Install information, use the
"show vstack config" privileged EXEC command on the Smart Install
director or client. The outputs of the show commands are different
when entered on the director or on the client. The following is the
output of the "show vstack config" in a device configured as a Smart
Install client:
    switch#show vstack config
     Role: Client
     Vstack Director IP address: 10.1.1.163
The following is the output of the "show vstack config" in a Cisco
Catalyst Switch configured as a Smart Install director:
    Director# show vstack config
     Role: Director
     Vstack Director IP address: 10.1.1.163
     Vstack Mode: Basic
     Vstack default management vlan: 1
     Vstack management Vlans: none
     Vstack Config file: tftp://10.1.1.100/default-config.txt
     Vstack Image file: tftp://10.1.1.100/c3750e-universalk9-tar.122-
     Join Window Details:
         Window: Open (default)
         Operation Mode: auto (default)
     Vstack Backup Details:
         Mode: On (default)
         Repository: flash:/vstack (default)
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
"show version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:
    Router> show version
    Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Wed 02-Dec-09 17:17 by prod_rel_team
    !--- output truncated
Additional information about Cisco IOS Software release
naming conventions is available in the white paper Cisco
IOS and NX-OS Software Reference Guide available at
http://www.cisco.com/web/about/security/intelligence/ios-ref.html.
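Added example (not part of the Cisco advisory or of this database entry): a small audit helper that reads saved "show vstack config" and "show version" output, reports whether a Smart Install role is configured, and derives the release-train name to look up in the fixed-release table. The sample captures are constructed from the outputs quoted above; the function names, the Finding fields and the train-name regular expression are assumptions of this sketch.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SMART_INSTALL_PORT = 4786  # TCP port named in the advisory

# Constructed sample captures, modelled on the outputs quoted in the advisory.
CLIENT_VSTACK = """switch#show vstack config
 Role: Client
 Vstack Director IP address: 10.1.1.163
"""
DIRECTOR_VSTACK = """Director# show vstack config
 Role: Director
 Vstack Director IP address: 10.1.1.163
 Vstack Mode: Basic
 Join Window Details:
     Window: Open (default)
"""
# Constructed: a device whose image does not know the vstack command.
NO_VSTACK = """Router#show vstack config
% Invalid input detected at '^' marker.
"""
SHOW_VERSION = """Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
"""


@dataclass
class Finding:
    role: Optional[str]            # "Client", "Director" or None
    director_ip: Optional[str]
    image: Optional[str]           # image name from the banner parentheses
    release: Optional[str]         # e.g. "15.0(1)M1"
    table_row: Optional[str]       # e.g. "15.0M", the row to check in the table
    smart_install_configured: bool


def parse_vstack(text: str) -> Dict[str, str]:
    """Collect 'key: value' lines; section headers with no value are skipped."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


_BANNER_RE = re.compile(r"\(([\w-]+)\), Version ([^,\s]+)")
# Assumed shape: major.minor(maintenance)TRAINrebuild, e.g. 12.2(55)SE3
_RELEASE_RE = re.compile(r"^(\d+\.\d+)\((\d+[a-z]?)\)([A-Z]*)(\w*)$")


def parse_show_version(text: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (image name, release) from the system banner, or (None, None)."""
    m = _BANNER_RE.search(text)
    return (m.group(1), m.group(2)) if m else (None, None)


def table_row(release: Optional[str]) -> Optional[str]:
    """Map a release such as 12.2(55)SE3 to its table row name, 12.2SE."""
    m = _RELEASE_RE.match(release or "")
    return m.group(1) + m.group(3) if m else None


def assess(vstack_output: str, version_output: str) -> Finding:
    fields = parse_vstack(vstack_output)
    role = fields.get("Role")
    image, release = parse_show_version(version_output)
    return Finding(
        role=role,
        director_ip=fields.get("Vstack Director IP address"),
        image=image,
        release=release,
        table_row=table_row(release),
        # Per the advisory, clients and directors are both affected.
        smart_install_configured=role in ("Client", "Director"),
    )


if __name__ == "__main__":
    for name, capture in (("client", CLIENT_VSTACK),
                          ("director", DIRECTOR_VSTACK),
                          ("no-vstack", NO_VSTACK)):
        f = assess(capture, SHOW_VERSION)
        action = (f"check row {f.table_row}; TCP {SMART_INSTALL_PORT} in use"
                  if f.smart_install_configured else "no Smart Install role found")
        print(f"{name}: role={f.role} release={f.release} -> {action}")
```

A finding with smart_install_configured set only says the feature is in use; whether the running release is fixed still has to be read from the table row it names.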
Details
=======
Smart Install is a plug-and-play configuration and image-management
feature that provides zero-touch deployment for new switches and
Cisco Integrated Services Routers. This means that a customer can
ship a device to a location, place it in the network and power it on
with no configuration required on the device. Smart Install uses TCP port 4786 for
communication. An established TCP connection with a completed TCP
three-way handshake is needed to be able to trigger this
vulnerability.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCto10165 ("Smart Install Crashes with certain IP Packets")
CVSS Base Score - 10.0
    Access Vector - Network
    Access Complexity - Low
    Authentication - None
    Confidentiality Impact - Complete
    Integrity Impact - Complete
    Availability Impact - Complete
CVSS Temporal Score - 8.3
    Exploitability - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed
Impact
======
Successful exploitation could allow an unauthenticated, remote
attacker to perform remote code execution on the affected device.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2011 Bundled Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-----------------------------------------------|
| Affected | First Fixed | First Fixed Release for All |
| 12.0-Based | Release | Advisories in the September |
| Releases | | 2011 Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.0 based releases |
|------------------------------------------------------------|
| Affected | First Fixed | First Fixed Release for All |
| 12.1-Based | Release | Advisories in the September |
| Releases | | 2011 Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.1 based releases |
|------------------------------------------------------------|
| Affected | First Fixed | First Fixed Release for All |
| 12.2-Based | Release | Advisories in the September |
| Releases | | 2011 Bundled Publication |
|------------+----------------+------------------------------|
| 12.2 | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2B | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2BC | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2BW | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2BX | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SB |
|------------+----------------+------------------------------|
| 12.2BY | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2BZ | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2CX | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2CY | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2CZ | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SB |
|------------+----------------+------------------------------|
| 12.2DA | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2DD | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2DX | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2EU | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Releases up to and including |
| 12.2EW | Not vulnerable | 12.2(20)EW4 are not |
| | | vulnerable. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2EX | 12.2(55)EX3 | 12.2(55)EX3 |
|------------+----------------+------------------------------|
| 12.2EY | 12.2(58)EY | 12.2(58)EY |
|------------+----------------+------------------------------|
| | Vulnerable; | |
| | migrate to any | |
| | release in | |
| | 15.0SE | |
| 12.2EZ | | Vulnerable; migrate to any |
| | Releases up to | release in 15.0SE |
| | and including | |
| | 12.2(53)EZ are | |
| | not | |
| | vulnerable. | |
|------------+----------------+------------------------------|
| 12.2FX | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SE |
|------------+----------------+------------------------------|
| 12.2FY | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2EX |
|------------+----------------+------------------------------|
| 12.2FZ | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SE |
|------------+----------------+------------------------------|
| 12.2IRA | Not vulnerable | Vulnerable; migrate to any |
| | | release in 12.2IRG |
|------------+----------------+------------------------------|
| 12.2IRB | Not vulnerable | Vulnerable; migrate to any |
| | | release in 12.2IRG |
|------------+----------------+------------------------------|
| 12.2IRC | Not vulnerable | Vulnerable; migrate to any |
| | | release in 12.2IRG |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IRD | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IRE | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2IRF | Not vulnerable | Vulnerable; migrate to any |
| | | release in 12.2IRG |
|------------+----------------+------------------------------|
| 12.2IRG | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IXA | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IXB | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IXC | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IXD | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IXE | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IXF | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IXG | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2IXH | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2JA | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2JK | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2MB | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2MC | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2MRA | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SRD |
|------------+----------------+------------------------------|
| 12.2MRB | Not vulnerable | 12.2(33)MRB5 |
|------------+----------------+------------------------------|
| | | Releases prior to 12.2(30)S |
| | | are vulnerable; Releases |
| 12.2S | Not vulnerable | 12.2(30)S and later are not |
| | | vulnerable. First fixed in |
| | | Release 12.2SB |
|------------+----------------+------------------------------|
| | | 12.2(31)SB20 |
| 12.2SB | Not vulnerable | |
| | | 12.2(33)SB10 |
|------------+----------------+------------------------------|
| 12.2SBC | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SB |
|------------+----------------+------------------------------|
| 12.2SCA | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SCC |
|------------+----------------+------------------------------|
| 12.2SCB | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SCC |
|------------+----------------+------------------------------|
| 12.2SCC | Not vulnerable | 12.2(33)SCC7 |
|------------+----------------+------------------------------|
| 12.2SCD | Not vulnerable | 12.2(33)SCD6 |
|------------+----------------+------------------------------|
| | | 12.2(33)SCE1 |
| 12.2SCE | Not vulnerable | |
| | | 12.2(33)SCE2 |
|------------+----------------+------------------------------|
| 12.2SCF | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | Releases up to | 12.2(55)SE3 |
| 12.2SE | and including | |
| | 12.2(54)SE are | 12.2(58)SE |
| | not vulnerable | |
|------------+----------------+------------------------------|
| 12.2SEA | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SE |
|------------+----------------+------------------------------|
| 12.2SEB | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SE |
|------------+----------------+------------------------------|
| 12.2SEC | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SE |
|------------+----------------+------------------------------|
| 12.2SED | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SE |
|------------+----------------+------------------------------|
| 12.2SEE | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SE |
|------------+----------------+------------------------------|
| 12.2SEF | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SE |
|------------+----------------+------------------------------|
| | | Releases prior to 12.2(25) |
| | | SEG4 are vulnerable; |
| 12.2SEG | Not vulnerable | Releases 12.2(25)SEG4 and |
| | | later are not vulnerable. |
| | | First fixed in Release |
| | | 12.2EX |
|------------+----------------+------------------------------|
| | | Releases prior to 12.2(53) |
| 12.2SG | Not vulnerable | SG4 are vulnerable; Releases |
| | | 12.2(53)SG4 and later are |
| | | not vulnerable. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2SGA | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2SL | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2SM | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2SO | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2SQ | Not vulnerable | 12.2(50)SQ3 |
|------------+----------------+------------------------------|
| 12.2SRA | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SRD |
|------------+----------------+------------------------------|
| 12.2SRB | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SRD |
|------------+----------------+------------------------------|
| 12.2SRC | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SRD |
|------------+----------------+------------------------------|
| 12.2SRD | Not vulnerable | 12.2(33)SRD6 |
|------------+----------------+------------------------------|
| 12.2SRE | Not vulnerable | 12.2(33)SRE4 |
|------------+----------------+------------------------------|
| 12.2STE | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2SU | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| | | Releases prior to 12.2(29a) |
| | | SV are vulnerable; Releases |
| 12.2SV | Not vulnerable | 12.2(29a)SV and later are |
| | | not vulnerable. Migrate to |
| | | any release in 12.2SVD |
|------------+----------------+------------------------------|
| 12.2SVA | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2SVC | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2SVD | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2SVE | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2SW | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2SX | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SXF |
|------------+----------------+------------------------------|
| 12.2SXA | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SXF |
|------------+----------------+------------------------------|
| 12.2SXB | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SXF |
|------------+----------------+------------------------------|
| 12.2SXD | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SXF |
|------------+----------------+------------------------------|
| 12.2SXE | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SXF |
|------------+----------------+------------------------------|
| 12.2SXF | Not vulnerable | 12.2(18)SXF17b |
|------------+----------------+------------------------------|
| 12.2SXH | Not vulnerable | 12.2(33)SXH8a |
|------------+----------------+------------------------------|
| 12.2SXI | Not vulnerable | 12.2(33)SXI6 |
|------------+----------------+------------------------------|
| 12.2SXJ | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2SY | Not vulnerable | 12.2(50)SY |
|------------+----------------+------------------------------|
| 12.2SZ | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SB |
|------------+----------------+------------------------------|
| 12.2T | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2TPC | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2XA | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XB | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2XC | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XD | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XE | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XF | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XG | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XH | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XI | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XJ | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XK | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XL | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XM | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XN | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | Please see | |
| 12.2XNA | Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+----------------+------------------------------|
| | Please see | |
| 12.2XNB | Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+----------------+------------------------------|
| | Please see | |
| 12.2XNC | Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+----------------+------------------------------|
| | Please see | |
| 12.2XND | Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+----------------+------------------------------|
| | Please see | |
| 12.2XNE | Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+----------------+------------------------------|
| | Please see | |
| 12.2XNF | Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+----------------+------------------------------|
| | | Releases prior to 12.2(54)XO |
| 12.2XO | Not vulnerable | are vulnerable; Releases |
| | | 12.2(54)XO and later are not |
| | | vulnerable. |
|------------+----------------+------------------------------|
| 12.2XQ | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XR | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XS | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XT | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XU | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XV | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2XW | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2YA | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2YB | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2YC | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2YD | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2YE | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YF | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YG | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YH | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YJ | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2YK | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YL | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2YM | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YN | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2YO | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2YP | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YQ | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YR | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YS | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YT | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YU | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YV | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YW | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YX | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YY | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2YZ | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2ZA | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SXF |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2ZB | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2ZC | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2ZD | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2ZE | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2ZF | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2ZG | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2ZH | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.4 |
|------------+----------------+------------------------------|
| 12.2ZJ | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2ZL | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 12.2ZP | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| 12.2ZU | Not vulnerable | Vulnerable; First fixed in |
| | | Release 12.2SXH |
|------------+----------------+------------------------------|
| 12.2ZX | Not vulnerable | Not vulnerable |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2ZY | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 12.2ZYA | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| Affected | First Fixed | First Fixed Release for All |
| 12.3-Based | Release | Advisories in the September |
| Releases | | 2011 Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.3 based releases |
|------------------------------------------------------------|
| Affected | First Fixed | First Fixed Release for All |
| 12.4-Based | Release | Advisories in the September |
| Releases | | 2011 Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.4 based releases |
|------------------------------------------------------------|
| Affected | First Fixed | First Fixed Release for All |
| 15.0-Based | Release | Advisories in the September |
| Releases | | 2011 Bundled Publication |
|------------------------------------------------------------|
| There are no affected 15.0 based releases |
|------------------------------------------------------------|
| Affected | First Fixed | First Fixed Release for All |
| 15.1-Based | Release | Advisories in the September |
| Releases | | 2011 Bundled Publication |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 15.1EY | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| 15.1GC | Not vulnerable | Vulnerable; First fixed in |
| | | Release 15.1T |
|------------+----------------+------------------------------|
| | 15.1(4)M2; | 15.1(4)M2; Available on |
| 15.1M | Available on | 30-SEP-11 |
| | 30-SEP-11 | |
|------------+----------------+------------------------------|
| | | Vulnerable; contact your |
| | | support organization per the |
| 15.1MR | Not vulnerable | instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+----------------+------------------------------|
| | | 15.1(2)S2 |
| 15.1S | Not vulnerable | |
| | | 15.1(3)S |
|------------+----------------+------------------------------|
| | | 15.1(2)T4 |
| 15.1T | 15.1(3)T2 | |
| | | 15.1(1)T4 on 8-Dec-2011 |
|------------+----------------+------------------------------|
| | Vulnerable; | |
| | First fixed in | |
| | Release 15.1T | |
| | | Vulnerable; First fixed in |
| 15.1XB | Releases up to | Release 15.1T |
| | and including | |
| | 15.1(1)XB are | |
| | not | |
| | vulnerable. | |
|------------+----------------+------------------------------|
| Affected | First Fixed | First Fixed Release for All |
| 15.2-Based | Release | Advisories in the September |
| Releases | | 2011 Bundled Publication |
|------------------------------------------------------------|
| There are no affected 15.2 based releases |
+------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
Cisco IOS XE Software is not affected by the vulnerability disclosed
in this advisory.
Cisco IOS XR Software is not affected by the vulnerabilities
disclosed in the September 28, 2011, Cisco IOS Software Security
Advisory bundled publication.
Workarounds
===========
There are no workarounds available to mitigate this vulnerability
other than disabling the Smart Install feature. The Smart Install
feature is enabled by default in client switches. No configuration is
needed in client switches.
If the Smart Install feature is not required, and the device supports
the configuration command "no vstack" as introduced by Cisco Bug
ID CSCtj75729, then disabling Smart Install with the "no vstack"
configuration command mitigates this vulnerability.
Additional mitigations that can be deployed on Cisco devices within the
network are available in the Cisco Applied Mitigation Bulletin companion
document for this advisory, which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20110928-smart-install.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase directly from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was discovered and reported to Cisco by Greg Jones
of Digital Assurance.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-September-28 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
----------------------------------------------------------------------
TITLE:
Cisco IOS Smart Install Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA46165
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46165/
RELEASE DATE:
2011-09-29
DESCRIPTION:
A vulnerability has been reported in Cisco IOS, which can be
exploited by malicious people to compromise a vulnerable device.
Successful exploitation may allow execution of arbitrary code.
Please see the vendor's advisory for a list of affected versions.
SOLUTION:
Update to a fixed version (please see the vendor's advisory for
details).
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml