Four new vulnerabilities in Cisco products
Four new vulnerabilities have been found in Cisco products, exposing them to denial-of-service (DoS) and cross-site scripting (XSS) attacks.
Affected Products:
- Nexus 9000 Series Switches (CVE-2015-0686 DoS vulnerability)
- Catalyst 4500 Series (CVE-2015-0687 DoS vulnerability)
- Aggregation Services Routers (CVE-2015-0688 DoS vulnerability)
- Wireless LAN Controller (CVE-2015-0690 XSS vulnerability)
1. Denial of service in the Cisco Nexus 9000
Fix available: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2015-0686
Exploitation vector: Remote
Impact: Denial of service
Affected Products: Cisco Nexus 9000 Series Switches
Affected versions: Cisco Nexus 9000 6.1(2)I2(3)
CVE-2015-0686 Vulnerability Description:
A remote user can cause a denial of service.
The vulnerability is caused by an error in the SNMP subsystem. A remote authenticated user can trigger a reboot of the target device.
Link: http://tools.cisco.com/security/center/viewAlert.x?alertId=38193
2. Denial of service in the Cisco Catalyst 4500 Series
Fix available: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2015-0687
Exploitation vector: Remote
Impact: Denial of service
Affected Products: Cisco Catalyst 4500E Series Switch
Affected versions: Cisco Catalyst 4500 Series 15.1(2)SG4
CVE-2015-0687 Vulnerability Description:
A remote user can cause a denial of service.
The vulnerability is caused by an error in the SNMP code. A remote authenticated user can crash the target system.
Link: http://tools.cisco.com/security/center/viewAlert.x?alertId=38194
3. Denial of service in the Cisco ASR Router
Fix available: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2015-0688
Exploitation vector: Remote
Impact: Denial of service
Affected Products: Cisco Aggregation Services Routers (ASR)
Affected versions: Cisco ASR Router 3.10.2S
CVE-2015-0688 Vulnerability Description:
A remote user can cause a denial of service.
The vulnerability is caused by an error when processing H.323 packets. This can be exploited to crash the system.
Link: http://tools.cisco.com/security/center/viewAlert.x?alertId=38210
4. Cross-Site Scripting Vulnerability (XSS) in the Cisco Wireless LAN Controller
Fix available: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2015-0690
Exploitation vector: Remote
Impact: Cross-site scripting
Affected Products: Cisco Wireless LAN Controller (WLC) 7.x
Affected versions: Cisco Wireless LAN Controller versions up to 8.0
CVE-2015-0690 Vulnerability Description:
A remote user can perform an XSS attack.
The vulnerability exists due to insufficient processing of input data. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
Link: http://tools.cisco.com/security/center/viewAlert.x?alertId=38222
Solution: Install the latest version of the product from the manufacturer.
Manufacturer URL: cisco.com