‫ Cisco Multiple Products GNU C Library Buffer Overflow Vulnerability

 

ID: IRCAD2015023728
Release Date: 2015-02-02
Criticality level: Highly critical
Software:
Cisco Aggregation Services Routers (ASR)
Cisco Content Delivery Engine Series
Cisco Expressway Series
Cisco Identity Services Engine (ISE) 1.x
Cisco IOS 15.0
Cisco IOS 15.1
Cisco IOS 15.2
Cisco IOS 15.3
Cisco IOS 15.4
Cisco IOS XE 3.12.x
Cisco IOS XE 3.7.x
Cisco MDS 9000 Series
Cisco Nexus 7000 Series Switches
Cisco Physical Access Manager 1.x
Cisco TelePresence Conductor
Cisco TelePresence Exchange System
Cisco TelePresence System 1000
Cisco TelePresence System 1100
Cisco TelePresence System 1300 Series
Cisco TelePresence System 3000 Series
Cisco TelePresence Systems (CTS)
Cisco TelePresence TX9000 Series
Cisco Unified SIP Proxy (USP)
Cisco Network Level Service
Cisco Prime Data Center Network Manager (DCNM) 5.x
Cisco Prime Data Center Network Manager (DCNM) 6.x
Cisco Prime Data Center Network Manager (DCNM) 7.x
Cisco Prime Data Center Network Manager (DCNM) 9.x
Cisco Prime Infrastructure 2.x
Cisco TelePresence Video Communication Server (VCS)
Cisco Unified Communications Manager 10.x
Cisco Unified Communications Manager 7.x
Cisco Unified Communications Manager 8.x
Cisco Unified Communications Manager 9.x
Cisco Unified Communications Manager IM and Presence Service 10.x
Description:
Cisco has acknowledged a vulnerability in multiple Cisco products, which can be exploited by malicious people to compromise a vulnerable system.The vulnerability is caused due to a bundled vulnerable version of the GNU C library.The vulnerability is reported in the following products and versions:
* Cisco Identity Services Engine (ISE) version 1.3(0.486).* Cisco Prime Infrastructure / Cisco Network Level Service version 2.2 and 2.2(1).
* Cisco Unified Communications Manager versions 10.0(1.10000.24), 10.5(1.10000.7), 10.5(2.10000.5), 7.1(5.10000.12), 8.5(1.10000.26), 8.6(2.10000.30), and 9.1(2.10000.28).
* Cisco Unified SIP Proxy (USP) version 9.0(0).
* Cisco Expressway Series / Cisco TelePresence Video Communication Server (VCS) versions X7.x and X8.1.x through X8.1.2.
* Cisco TelePresence Conductor versions XC1.x, XC2.0.x, XC2.1.x, and XC2.2.x through XC2.3.1.
* Cisco Aggregation Services Routers (ASR) running IOS-XE 15.2(4)S6 (3.7.6S), 15.3(3)S6, and 15.4(2)S1 (3.12.1S).
* Cisco IOS-XE versions 15.0(1)EX3, 15.0(1)EZ3, 15.0(1)XO1, 15.0(2)SG, 15.0(2)XO, 15.1(1)XO1, and 15.2(2)E1 for Catalyst 3k, 4k, AIR-CT5760, and Cisco RF Gateway 10 (RFGW-10).
* Cisco Unified Communications Manager IM and Presence Service (CUPS) version 10.0(1).
* Cisco Content Delivery Engine Series versions 2.1(1), 2.1(2), and 3.0(0).
* Cisco TelePresence Systems / TX9000 Series (please see the vendor's advisory and the bug report CSCus69749 for affected products and versions).
* Cisco Telepresence Exchange version 1.3.0.4.2.0.
* Cisco Nexus 7000 Series Switches version 6.2(10).
* Cisco MDS 9000 Series Multilayer Switches versions 3.3(1a), 4.2(1), 5.0(1), 5.2(1), and 6.2(1).
* Cisco Prime Data Center Network Manager versions 6.3(2), 7.0(2), 7.1(1), and 9.9(0)TIP(0.2).
* Cisco Physical Access Manager 1.5(2.0.3.7).
Solution
Update or upgrade if available.
References:
Cisco (CSCus68798, CSCus69495, CSCus66650, CSCus69387, CSCus69558, CSCus69523, CSCus69732, CSCus69731, CSCus69785, CSCus69567, CSCus69749, CSCus69613, CSCus69452, CSCus68360, CSCus68892, CSCus69524, CSCus68905):
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 19 بهمن 1393

امتیاز

امتیاز شما
تعداد امتیازها:0