Cisco Patches Serious Flaws in Security, Wireless Appliances

I put this up as I KNOW a lot of you Tech-Heads run Cisco stuff (probably wireless along with a few Cisco Switches). I wanted to make SURE you all knew about this vulnerability and the immediate need to get these wireless units patched.

Cisco has released software updates to address a series of critical and high severity vulnerabilities affecting some of the company’s security and wireless appliances.

The most serious of the flaws disclosed on Wednesday is a command injection vulnerability (CVE-2015-6298) affecting the certificate generation process in the administration web interface of the Cisco Web Security Appliance (WSA). The vulnerability, caused by improper parameter validation, can be exploited by a remote attacker to execute arbitrary commands with root privileges.

The Cisco Web Security Appliance is also affected by a couple of high severity denial-of-service (DoS) vulnerabilities that can be exploited to cause the device to run out of system memory. One of these security bugs affects the file-range request functionality of Cisco AsyncOS (CVE-2015-6293), while the other impacts the AsyncOS proxy cache functionality (CVE-2015-6292).

Vulnerabilities in AsyncOS components also affect the Cisco Email Security Appliance (ESA). One of these issues, a DoS flaw identified as CVE-2015-6321, can be used by a remote attacker to cause the device to stop accepting new TCP connections. The second issue, first disclosed in June, can be exploited by a remote, unauthenticated attacker to bypass the appliance’s anti-spam functionality.

Read more about it here.

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

  • LastPass Fixes Serious Security Flaw in Chrome, Firefox Extensions
    Written by

    Da Boss!

    LastPass Fixes Serious Security Flaw in Chrome, Firefox Extensions Time to update folks.
    Read more...
  • Windows 'DoubleAgent' Attack Turns AV Tools into Malware
    Written by

    Da Boss!

    Windows 'DoubleAgent' Attack Turns AV Tools into Malware Oh man... more good news.
    Read more...
  • Amazon has a PC and Component Sale Going on.
    Written by

    Da Boss!

    Amazon has a PC and Component Sale Going on. I just got my daily Amazon "give us more money"…
    Read more...
  • Free BlueRay Player for Windows 8.1/10
    Written by

    Da Boss!

    Free BlueRay Player for Windows 8.1/10 Recently I just put in a BlueRay player into my…
    Read more...
  • Subaru WRX STI vs an Olympic Bobsled Run
    Written by

    Da Boss!

    Subaru WRX STI vs an Olympic Bobsled Run During one part of this video, you will shout out…
    Read more...

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.