SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE

Summary: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected...
Read More

Multiple Cisco Security Vulnerabilities (ASA, CUCM, WLC, etc.)

Hello, On April 20th, Cisco released multiple advisories detailing security vulnerabilities that affect a wide range of their products including ASA firewall, Unified Communications Manager (CUCM), WLC and more. The vulnerabilities, if exploited, would allow an attacker to launch a denial-of-service (DoS) attack on the device, possibly resulting in service disruption. The vulnerabilities details and remedies...
Read More

DROWN Attack (CVE-2016-0800), Turing Award and Leo’s Oscar

Hello, A new security vulnerability (“DROWN“: Decrypting RSA with Obsolete and Weakened eNcryption) affecting OpenSSL was disclosed yesterday which allows an attacker to decrypt secure TLS sessions and steal sensitive data such as passwords and credit cards information. All applications that rely on TLS protocol (like websites and email) are therefore affected. The vulnerability (id:...
Read More

Security Alert: Glibc Buffer Overflow (CVE-2015-7547)

Hello,   Following our previous communication concerning the announcements of OpenSSL vulnerability (CVE-2016-0701) and Cisco’s ASA IKE Buffer Overflow (CVE-2016-1287), a new security vulnerability surfaced which targets systems that use the “GNU Library C (glbic)” (including Cisco, Juniper and many others). “The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when...
Read More