jim_duffy
Managing Editor

Cisco unleashes flurry of security advisories

Analysis
Sep 23, 20092 mins

11 in all on same day, affecting IOS and Unified Communications Manager

Cisco today released 11 security advisories — nine for IOS and two for Unified Communications Manager. Several deal with denial of service vulnerabilities and others with holes in encrypted packets, authentication proxies, ACLs, firewall policies and Internet key exchanges. Two involve Cisco’s implementation of the SIP protocol.

Cisco has already issued six Applied Mitigation Bulletins for the advisories explaining how to avoid or workaround the vulnerabilities. The five vulnerabilities for which mitigation bulletins have not yet been issued all involve IOS, and include: object group ACL bypass, crafted encryption packet DoS, authentication proxy, zone-based policy firewall and Network Time Protocol packets.

Nonetheless, Cisco says each advisory lists software releases that correct the vulnerabilities.

Cisco says it is not aware of any malicious exploitations of the vulnerabilities. Most were discovered by Cisco during internal testing; others were reported by customers on uncovered during customer support calls.

More from Cisco Subnet:

Win great stuff from Cisco Subnet Like e-mail? Subscribe to the Cisco Alert newsletter. Cisco Subnet RSS feedFollow all Cisco Subnet bloggers on Twitter.

Like RSS readers? Subscribe to the

Follow Jim Duffy on Twitter