Cisco patches IPS, Firewall Services, SIP phone, UCS
Featured
Cisco has issued security advisories and updates for several products.
The following products are vulnerable to one or more of three vulnerabilities in Cisco IPS products:
- Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module (AIP SSM)
- Cisco ASA 5500-X Series IPS Security Services Processor (IPS SSP) software and hardware modules
- Cisco ASA 5505 Advanced Inspection and Prevention Security Services Card (AIP SSC)
- Cisco IPS 4200 Series Sensors
- Cisco IPS 4300 Series Sensors
- Cisco IPS 4500 Series Sensors
All three are denial of service vulnerabilities. Some of the products can be attacked remotely without authentication, so updates should be expedited. The table below indicates which Cisco IPS software versions are vulnerable to each vulnerability and what action Cisco advises:
| 6.x | 7.0 | 7.1 | 7.2 | 7.3 | |
| Cisco IPS Analysis Engine Denial of Service Vulnerability - CSCui91266 | Not Affected | Not Affected | 7.1(8)E4 | 7.2(2)E4 | Not Affected |
| Cisco IPS Control-Plane MainApp Denial of Service Vulnerability - CSCui67394 | Affected, move to 7.1 or later2 | Affected, move to 7.1 or later | 7.1(8p2)E4 | 7.2(2)E4 | Not Affected |
| Cisco IPS Jumbo Frame Denial of Service Vulnerability - CSCuh94944 | Not Affected | Not Affected | 7.1(8)E4 | 7.2(2)E4 | Not Affected |
Recommended Release | Affected, move to 7.1 or later | Affected, move to 7.1 or later | 7.1(8p2)E4 or later | 7.2(2)E4 or later | Not Affected |
The second advisory describes an unauthorized access vulnerability in the Cisco Unified SIP Phone 3905. By exploiting the vulnerability, an unauthenticated, remote attacker could gain root-level access to an affected device. Cisco Unified SIP Phone 3905 Firmware versions prior to 9.4(1) are affected. Cisco also provides mitigation techniques for the product, as well as an IPS signature.
The third advisory concerns Cisco Unified Computing System (UCS) Director Software versions prior to Cisco UCS Director Release 4.0.0.3 HOTFIX. A vulnerability in the UCS Director could allow an unauthenticated, remote attacker to take complete control of the affected device. Cisco also provides mitigation techniques.
The last advisory concerns Cisco Firewall Services Module (FWSM) Software. The vulnerability is a race condition during memory deallocation. An attacker, by sending the proper traffic to the module, could cause the software to reload. Repeated exploitation would cause a denial of service in the software. FWSM versions 3.1, 3.2, 4.0, and 4.1 are affected.