Cisco Patches Serious Flaws in Security, Wireless Appliances

I put this up as I KNOW a lot of you Tech-Heads run Cisco stuff (probably wireless along with a few Cisco Switches). I wanted to make SURE you all knew about this vulnerability and the immediate need to get these wireless units patched.

Cisco has released software updates to address a series of critical and high severity vulnerabilities affecting some of the company’s security and wireless appliances.

The most serious of the flaws disclosed on Wednesday is a command injection vulnerability (CVE-2015-6298) affecting the certificate generation process in the administration web interface of the Cisco Web Security Appliance (WSA). The vulnerability, caused by improper parameter validation, can be exploited by a remote attacker to execute arbitrary commands with root privileges.

The Cisco Web Security Appliance is also affected by a couple of high severity denial-of-service (DoS) vulnerabilities that can be exploited to cause the device to run out of system memory. One of these security bugs affects the file-range request functionality of Cisco AsyncOS (CVE-2015-6293), while the other impacts the AsyncOS proxy cache functionality (CVE-2015-6292).

Vulnerabilities in AsyncOS components also affect the Cisco Email Security Appliance (ESA). One of these issues, a DoS flaw identified as CVE-2015-6321, can be used by a remote attacker to cause the device to stop accepting new TCP connections. The second issue, first disclosed in June, can be exploited by a remote, unauthenticated attacker to bypass the appliance’s anti-spam functionality.

Read more about it here.

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

  • ASUS B250 Mining Expert LGA 1151 Motherboard - supports up to 16x GPU, Mining Mode BIOS Optimization
    Written by

    Da Boss!

    ASUS B250 Mining Expert LGA 1151 Motherboard - supports up to 16x GPU, Mining Mode BIOS Optimization Ya know, if I was that into Mining I would…
  • CCleaner for Windows "Hacked" - Hackers Hid Backdoor
    Written by

    Da Boss!

    CCleaner for Windows "Hacked" - Hackers Hid Backdoor Welp...I'm s****! I use CCleaner all the time. So much…
    Read more...
  • Introducing Project “Honolulu”, our new Windows Server management experience
    Written by

    Da Boss!

    Introducing Project “Honolulu”, our new Windows Server management experience This looks pretty cool! I could see myself using it.
    Read more...
  • Windows 10 update due October 17
    Written by

    Da Boss!

    Windows 10 update due October 17 Great. I just got shoved the Creators update and spent…
    Read more...
  • Enhancing the “Open Command Prompt here” Context Menu experience
    Written by

    Da Boss!

    Enhancing the “Open Command Prompt here” Context Menu experience If you are like me and are missing the "Right…
    Read more...

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.