Up Time Device

Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities (2007-10-11)

Cisco IOS is prone to multiple unspecified stack overflow vulnerabilities that may allow an attacker to execute arbitrary code.

A successful attack may allow the attacker to execute arbitrary code and gain unauthorized access to the device. The attacker can also leverage this issue to cause an affected device to reload, denying service to legitimate users.

The resarchers responsible for these discoveries have stated that there are numerous other IOS security issues that will be released in the near future.

Judging by the limited information in the security advisory that induced this alert; it is assumed that all of Cisco IOS 12.x and IOS XR versions are affected by these issues. This can not be verified at this time. This information will be updated when more details are available.

3Com TippingPoint IPS Remote Denial Of Service Vulnerability (2007-04-25)

3Com TippingPoint IPS is prone to a remote denial-of-service vulnerability. This issue occurs when handling a large number packets destined for port 80.

A successful attack will cause CPU processes to be consumed on devices running the affected software. This will cause the device to stop responding after a certain period of time, denying service to legitimate users.

Cisco PIX/ASA Enable Login Prompt Privilege Escalation Vulnerability (2008-01-28)

Cisco PIX and ASA are potentially prone to a privilege-escalation vulnerability.

Exploiting this issue allows authenticated attackers to gain administrative privileges on affected devices. This may facilitate the complete compromise of the affected device.

This issue affects the Cisco PIX/ASA operating system Finesse 7.1 and 7.2. Other versions may also be affected.

This issue may be related to the one documented in BID 22562 (Cisco PIX/ASA Privilege Escalation Vulnerability), but not enough information is currently available to confirm this.

Note that Cisco cannot reproduce this issue at this time.