Cybersecurity threats 2015: Four new vulnerabilities in Cisco products

Posted: April 9, 2015 in IT Security News

Four Cisco security products are vulnerable to DDoS and XSS attacks. Four new vulnerabilities have been found in Cisco products.

Affected Products:

  • Nexus 9000 Series Switches (CVE-2015-0686 DDoS vulnerability)
  • Catalyst 4500 Series (CVE-2015-0687 DDoS vulnerability)
  • Aggregation Services Routers (CVE-2015-0688 DDoS vulnerability)
  • Wireless LAN Controller (CVE-2015-0690 XSS vulnerability)

1. Denial of service in the Cisco Nexus 9000

Danger: Low
The presence of fixes: Yes
The number of vulnerabilities: 1
CVE ID: CVE-2015-0686
Vector of exploitation: Remote

Impact: Denial of service
Affected Products: Cisco Nexus 9000 Series Switches
Affected versions: Cisco Nexus 9000 6.1 (2) I2 (3)

CVE-2015-0686 Vulnerability Description:

A remote user can cause a denial of service.
The vulnerability is caused by an error in the SNMP subsystem. A remote authenticated user can trigger a reboot of the target device.

Link: http://tools.cisco.com/security/center/viewAlert.x?alertId=38193

2. Denial of service in the Cisco Catalyst 4500 Series

Danger: Low
The presence of fixes: Yes
The number of vulnerabilities: 1
CVE ID: CVE-2015-0687
Vector of exploitation: Remote

Impact: Denial of service
Affected Products: Cisco Catalyst 4500E Series Switch
Affected versions: Cisco Catalyst 4500 Series 15.1 (2) SG4

CVE-2015-0687 Vulnerability Description:

A remote user can cause a denial of service.
The vulnerability is caused by an error in the SNMP code. A remote authenticated user can cause a crash of the target system.

Link: http://tools.cisco.com/security/center/viewAlert.x?alertId=38194

3. Denial of service in the Cisco ASR Router

Danger: Low
The presence of fixes: Yes
The number of vulnerabilities: 1
CVE ID: CVE-2015-0688
Vector of exploitation: Remote

Impact: Denial of service
Affected Products: Cisco Aggregation Services Routers (ASR)
Affected versions: Cisco ASR Router 3.10.2S

CVE-2015-0688 Vulnerability Description:

A remote user can cause a denial of service.
The vulnerability is caused by an error when processing H.323 packets. This can be exploited to crash the system.

Link: http://tools.cisco.com/security/center/viewAlert.x?alertId=38210

4. Cross-Site Scripting Vulnerability (XSS) in the Cisco Wireless LAN Controller

Danger: Low
The presence of fixes: Yes
The number of vulnerabilities: 1
CVE ID: CVE-2015-0690
Vector of exploitation: Remote

Impact: Cross-site scripting
Affected Products: Cisco Wireless LAN Controller (WLC) 7.x
Affected versions: Cisco Wireless LAN Controller version to 8.0

CVE-2015-0690 Vulnerability Description:

A remote user can perform an XSS attack.
The vulnerability exists due to insufficient processing of input data. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Link: http://tools.cisco.com/security/center/viewAlert.x?alertId=38222


Solution: Install the latest version of the product from the manufacturer.

Manufacturer URL: cisco.com