Cisco releases security updates
Cisco has published three security advisories describing vulnerabilities in its products. Two advisories explain the potential for DoS attacks on the SSH server of the IOS router and switch operating system and in Cisco's Service Control Engine (SCE). Attackers can provoke a system reboot by submitting crafted packets. According to the advisory, no authentication is required to do so. The third advisory describes a hole that enables basic administrators to set up a super user account in Cisco's Unified Customer Voice Portal (CVP). Cisco has made updates available to solve the problems. Further details are given in the vendor's advisories.
- Cisco IOS Secure Shell Denial of Service Vulnerabilities, Cisco security advisory
- Cisco Service Control Engine Denial of Service Vulnerabilities, Cisco security advisory
- Cisco Voice Portal Privilege Escalation Vulnerability, Cisco security advisory