Telnet, SSH prod of death smashes Cisco broadband boxes offline

Plus: Login into a stranger's Cisco Meeting account and chat away as them

By Shaun Nichols in San Francisco

Posted in Networks, 12th October 2016 22:59 GMT

Cisco has issued six software updates to address security vulnerabilities in its networking products, ranging from denial of service conditions to authentication bypasses.

The most serious of the flaws is the authentication bypass hole in the Cisco Meeting Server. Cisco warns that, due to improper handling of XMPP messaging, a remote unauthenticated attacker could exploit the vulnerability to gain access to another user's account, and log in to the server with their permissions and chat away as them. The vulnerability, which is exposed in Meeting Server versions 2.0.6 and earlier with XMPP enabled, has been rated as a "critical" risk.

On the Unified Communications Manager (UCM) platform, a patch has been issued to address poor handing of iframe code that potentially allows an attacker to re-route user traffic for clickjacking or phishing attacks.

For companies running Wide Area Application Services (WAAS), Cisco has posted an update to address a denial of service vulnerability in the WAN platform. An attacker can exploit the flaw by flooding the vulnerable appliances with SSL traffic, thanks to a lack of file size limits.

The Cisco cBR-8 Converged Broadband Routers have been found to contain a flaw that allows an attacker to disrupt connections by constantly pinging the router with Telnet and SSH connection requests.

Those who use the Cisco Prime Infrastructure and Evolved Programmable Network Manager for SQL will want to patch up a SQL injection flaw that allowed an attacker to use SQL queries to access stored data or trigger a denial of service.

The Cisco Finesse Agent remote administration software has been updated with a fix for a cross-site request forgery. Should an attack exploit the flaw via a malicious link, the attacker would have access to the target system with the current user's permissions.

Cisco says it is not aware of any attacks in the wild targeting any of the patched vulnerabilities. ®

Sign up to our NewsletterGet IT in your inbox daily

1 Comment

More from The Register

Cisco to release patches for Meltdown, Spectre CPU vulns, just in case

Switchzilla is investigating a whole bunch of products

Dell EMC patches 3 zero-days in Data Protection Suite

Could combine to 'fully compromise' virtual appliance, researchers warn

Cisco patches NetBIOS vuln

Sigh. Cisco security kit has Java deserialisation bug and a default password SNAFU

Two critical vulnerabilities among 20 patches

Quantum cryptography demo shows no need for ritzy new infrastructure

Telefónica and Huawei shoot freakin' lasers down existing optical networks for QKD

Single single-sign-on SNAFU threatens three Cisco products

Firepower, AnyConnect and ASA appliances and clients need patches

Running Cisco DNA Center? Update right now to get rid of the static admin credential

Switchzilla scrambles out patches for trio of nasty flaws

Cisco NFV controller is a bit too elastic: It has an empty password bug

Critical patch lands for that, UCS Domain Manager flaw, dirty dozen lesser messes fixed

Cisco patches switch hijacking hole – the one exploited by the CIA

Telnet security flaw fix finally lands – or just use SSH, yeah?

SAP pushes 25 patches and two patch patches

HANA User Self Service isn't meant to give crims self-service, but it can. And you can plug it