Large patch day for Cisco admins
Networking giant Cisco has published a total of 7 security advisories for its Internetwork Operating System (IOS) software. Each advisory lists one or more vulnerabilities and includes information about the updates that correct them. The vulnerabilities relate to various functions and protocols, such as IPSec, NAT, SIP, MPLS, H.323 and TCP. A summary table has been published with links to additional documents with instructions on work arounds and classifications for each issue. The highest rated vulnerabilities (CVSS 10) allow the execution of injected code when parsing SIP packets and exposure to a denial of service in the SIP Message handling.
See also:
- Summary of Cisco IOS Software Bundled Advisories, security advisory from Cisco.
- Cisco IOS Software H.323 Denial of Service Vulnerabilities, security advisory from Cisco.
- Cisco IOS Software IPsec Vulnerability, security advisory from Cisco.
- Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability, security advisory from Cisco.
- Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities, security advisory from Cisco.
- Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability, security advisory from Cisco.
- Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability, security advisory from Cisco.
- Cisco Unified Communications Manager Express Denial of Service Vulnerabilities, security advisory from Cisco.
(crve)