Cisco repairs high-severity bugs on three product lines

Cisco Systems on Wednesday issued software updates for three separate product lines to patch high-severity bugs that could allow remote attackers to elevate privileges or cause a denial-of-service (DoS) condition.

US-CERT alerted Cisco about the three bugs, which consisted of a privilege escalation vulnerability in the Unified Customer Voice Portal (CVP) and DoS bugs in the Email Security Application and various Business Managed Switches.

The CVP bug resided in the product’s Operation, Administration, Maintenance and Provisioning credential reset functionality, which ultimately led to improper input validation.

The DoS bug was found in the Email Security Application, again due to improper input validation, this time by the AsyncOS message filtering feature. An attacker can use this flaw to corrupt the validation process.

Also found in the SSH subsystem of the following products are the

  1. Cisco Small Business 300 Series Managed Switches
  2. Cisco Small Business 500 Series Stackable Managed Switches
  3. Cisco 350 Series Managed Switches
  4. Cisco 350X Series Stackable Managed Switches
  5. Cisco 550X Series Stackable Managed Switches
  6. Cisco ESW2 Series Advanced Switches

These flaws can result in the improper processing of SSH connections. A remote attacker who authenticates can trigger the DoS condition by logging in to the affected switch via compromised SSH and sending a malicious SSH message. The good news is that Cisco acted promptly and patched the problems.

FAQ

Q: What does the Cisco company do?
A: Cisco Systems, Inc. is an American multinational technology conglomerate headquartered in San Jose, California, in the center of Silicon Valley, that develops, manufactures and sells networking hardware, telecommunications equipment, and other high-technology services and products.

Q: What is Cisco LEAP?
A: Cisco LEAP is an 802.1X authentication type for wireless LANs (WLANs) that supports strong mutual authentication between the client and a RADIUS server using a logon password as the shared secret. It provides dynamic per-user, per-session encryption keys.

Q: What is Cisco famous for?
A: Cisco Systems, Inc. is a leading networking company best known as a manufacturer and vendor of networking equipment. The company also provides software and offers related services.

Q: What bug is resolved in Cisco?
A: The DoS bug was found in the Email Security Application, again due to improper input validation by the AsyncOS message filtering feature. An attacker can use this flaw to corrupt the validation process.

Q: What is Cisco used for?
A: Cisco IOS (originally Internetwork Operating System) is a family of software used on most Cisco Systems routers and current Cisco network switches. (Earlier switches ran CatOS.) IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a multitasking operating system.