Vulnerabilities in multiple Cisco products

Cisco has announced security vulnerabilities in multiple products, which attackers can exploit to cause denial of service attacks or for data inspection. In its security reports, the company refers to software updates that eliminate the vulnerabilities.

In Cisco's IOS, PIX and ASA, the Firewall Service Module and the Unified CallManager, the manufacturer deploys a third party cryptographic library. The library malfunctions when processing manipulated ASN.1 objects. The fault can occur, for example, during authentication via Internet Security Association and Key Management Protocol (ISAKMP), Secure Sockets Layer or Secure Shell, causing the devices to crash.

An additional error report from the manufacturer addresses in detail the security vulnerabilities in IOS operating systems during the processing of specific SSL messages. When using HTTPS, the authentication proxy for firewall HTTPS, Ciscos Network Security Agent with SSL support and IOS Clientless SSL VPN (WebVPN), attackers can trigger a crash with crafted messages after a successful TCP connection has been established. The affected messages are ClientHello, ChangeCipherSpec and Finished during the setup of an SSL connection.

In addition, Cisco has confirmed a cross-site scripting vulnerability in CallManager. Attackers may bypass the Web application firewall due to a faulty input validation and may thereby inject malicious code into the website.

Cisco provides software updates for all reported vulnerabilities for their registered users. Administrators should quickly update or deactivate the affected functions, if updating the software is not an option.

See also:

• Vulnerability In Crypto Library, security report from Cisco
• Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets, error report from Cisco
• Cisco CallManager Input Validation Vulnerability, error report from Cisco

(mba)