Cisco released a slew of security advisories on Wednesday and Thursday. These affect Cisco IOS/BGP, Cisco Application Networking Manager, Unified MeetingPlace Web Conferencing Server and Application Control Engine.
Here are Cisco's descriptions of these vulnerbilities:
* IntelliShield ID 17640: Cisco Unified MeetingPlace Persistent Cross-Site Scripting Vulnerability -- Cisco Unified MeetingPlace versions prior to 6.0(517.0) and prior to 7.0(2) contain a vulnerability that could allow an authenticated, remote attacker to execute arbitrary script code in a user's browser session. The vulnerability is due to an error by the web server. An authenticated, remote attacker could exploit this vulnerability by inserting malicious HTML and script code into the attacker's own MeetingPlace account. This action could allow the attacker to execute the malicious code in the browser session of any user who views the attacker's account details.
* IntelliShield ID 17648: Cisco Unified MeetingPlace Web Conferencing Server Authentication Bypass Vulnerability -- Cisco Unified MeetingPlace versions 6.0 and 7.0 contain a vulnerability that could allow an unauthenticated, remote attacker to bypass authentication and access to the application. The vulnerability exists because the Web Conferencing Server does not properly validate authentication credentials. An attacker could exploit the vulnerability to bypass authentication and access the Unified MeetingPlace application. An exploit could allow the attacker to change configuration settings in the application with administrative privileges.
* IntelliShield alert 17657 (and the older IntelliShield ID 17670 from Feb. 23): Cisco IOS Software Border Gateway Protocol Processing Autonomous System Prepending -- Due to a bug in Cisco IOS Software (CSCsx73770), an error may occur if a Cisco IOS device attempts to send a BGP update message that contains a route with an AS path length greater than 255 to a BGP neighbor.
* IntelliShield ID 17639: Cisco Application Networking Manager Java Agent Privilege Escalation Vulnerability -- Cisco Application Networking Manager (ANM) versions prior to 2.0 Update A contain a vulnerability that could allow an unauthenticated, remote attacker to perform actions with elevated privileges. The vulnerability exists due to an error in the implementation of the Java agent. An unauthenticated, remote attacker could exploit this vulnerability to gain unauthorized access to the Cisco ANM interface. The attacker could leverage this access to view configuration files and modify Cisco ANM processes. By terminating processes, the attacker could cause a denial of service (DoS) condition.
* IntelliShield ID 17637: Cisco Application Networking Manager Default Credential Vulnerability -- Cisco Application Networking Manager (ANM) versions prior to 2.0 contain a vulnerability that could allow an unauthenticated, remote attacker to bypass authentication. The vulnerability exists because ANM fails to force administrators to change authentication credentials during installation. An attacker with knowledge of the credentials could gain unauthorized access to the targeted system, then leverage the access to take complete control of the targeted system.
* IntelliShield ID 17636: Cisco Application Control Engine Device Manager and Application Networking Manager Directory Traversal Vulnerability -- Cisco Application Control Engine Device Manager (ACE) and Application Networking Manager (ANM) contain a directory traversal vulnerability that could allow an authenticated, remote attacker to view and modify arbitrary files. The vulnerability is due to an error when Cisco ACE and Cisco ANM process malicious requests. An authenticated, remote attacker could exploit this vulnerability by using directory traversal characters in a crafted request. An exploit could allow the attacker to conduct directory traversal attacks and view or modify arbitrary files on the targeted system.
* IntelliShield ID 17642: Cisco Application Control Engine Appliance Device Manager Default Credentials Vulnerability --
Cisco Application Control Engine (ACE) Appliance software versions prior to A1(8a) contain a vulnerability that could allow an unauthenticated, remote attacker to gain unauthorized access to the targeted system. The vulnerability is due to the presence of default credentials in the Device Manager. An attacker with knowledge of these default credentials could gain unauthorized access to the targeted system. The attacker could then leverage this access to take complete control the system. Functional exploit code exists for this vulnerability.
* IntelliShield ID 17641: Cisco Application Control Engine Appliance and Application Control Engine Module Default Credential Vulnerability -- Cisco Application Control Engine (ACE) Appliance and Module contain a vulnerability that could allow an unauthenticated, remote attacker to gain unauthorized access to the system. The vulnerability exists due to a failure to change default account credentials. An attacker with knowledge of the credentials could gain unauthorized access to the targeted system to modify the configuration of the application, or leverage access to take complete control of the targeted device.
* IntelliShield ID 17645: Cisco Application Control Engine Module and Appliance Processing SNMPv2 Packet Denial of Service Vulnerability -- Cisco Application Control Engine Module and Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error in the Application Control Engine (ACE) Module and Appliance when handling malformed packets. An attacker could exploit the vulnerability by sending a malicious SNMPv2 packet to the device. If successful, the device may reload, resulting in a DoS condition.
* IntelliShield ID 17644: Cisco Application Control Engine Module and Appliance Processing SSH Packet Denial of Service Vulnerability -- Cisco Application Control Engine (ACE) Module and Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error in the ACE Module and Appliance when handling malformed packets. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious SSH packet to the device. If successful, the device may reload, resulting in a DoS condition.
* IntelliShield ID 17646: Cisco Application Control Engine Module and Appliance Processing SNMPv3 Packet Denial of Service Vulnerability -- Cisco Application Control Engine Module and Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error in the Application Control Engine (ACE) Module and Appliance when handling malformed packets. An attacker could exploit the vulnerability by sending a malicious Simple Network Management Protocol version 3 (SNMPv3) packet to the device. If successful, the device may reload, resulting in a DoS condition.
IntelliShield ID 17643: Cisco Application Control Engine Module and Application Control Engine Appliance Privilege Escalation Vulnerability -- Cisco Application Control Engine (ACE) Appliance and ACE Module contain a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands with elevated privileges. The vulnerability is due to insufficient access restrictions enforced by the command-line interface. An authenticated, remote attacker could exploit this vulnerability to gain access to execute arbitrary administrative commands with elevated privileges via the command-line interface. The attacker could leverage these privileges to take complete control of the target system.
For more information on these and other vulnerabilities, check out the Cisco Security Center.
More from Cisco Subnet:
Brocade posts $26 million quarterly loss, record revenuesNew CCIE count: Beginning roots of a new tech boom?OSPF Puzzle VI: Interpreting show ip ospf IT in 2109: Quantum Entanglement, Mini Black Holes and Nanotech: Part 1Vyatta beats out Cisco, Juniper for New Mexico winDetails of "Project California" revealed Largest coordinated ATM Rip-off ever nets $9+ million in 30 minutesGo to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, training/book giveaways, and more. Follow Cisco Subnet on Twitter.