Cisco patches denial-of-service vulnerabilities


Cisco released updates for vulnerabilities in a trio of products that, if exploited, could lead to a denial-of-service (DoS) condition in each.

The first of the three high-rated vulnerabilities (CVE-2018-0296) is in Cisco AsyncOS Software for Cisco Web Security Appliances. The flaw could allow an unauthenticated attacker to create a scenario where a device reloads automatically, resulting in a DoS condition. There is also a possibility that the attacker can stop the reload condition but be allowed to view sensitive information using directory traversal techniques, Cisco said.

The second issue (CVE-2018-0409) affects the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway. If exploited, it could let a malicious actor cause a temporary service outage for all IM&P users, resulting in a DoS situation.

The final vulnerability (CVE-2018-0296) involves Cisco's Adaptive Security Appliance and is similar to the first problem in that it can cause unwanted reloads, creating a DoS condition, and could again allow information to be released, Cisco reported.

Updates that mitigate these flaws are available for all three products.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition