Gladiator Research and Security

GSA Reference Number: AD111012-01

Simply Put: Cisco has released an advisory for multiple vulnerabilities with Cisco ASA 5500 devices.  This advisory identifies three new denial of service vulnerabilities and one new authentication bypass vulnerability.  An update from Cisco is available to address these issues and should be applied as soon as possible.  Gladiator will be testing this update for compatibility and stability and will then notify affected clients if an update is necessary.

GSA Reference Number: AD100217-01

Simply Put: Cisco has released an advisory for multiple vulnerabilities with Cisco ASA 5500 devices.  This advisory identifies six new denial of service vulnerabilities and one new authentication bypass vulnerability.  An update from Cisco is available to address these issues and should be applied as soon as possible.  Gladiator will be testing this update for compatibility and stability and will then notify affected clients if an update is necessary.

GSA Reference Number: AD090925-01

Simply Put: Cisco has announced eleven new vulnerabilities in multiple Cisco products.  Nine of the vulnerabilities affect Cisco’s IOS – the operating system for many Cisco devices.  Cisco IOS is present on Cisco routers and switches.  Two more vulnerabilities affect Unified Communications Manager.  The vulnerabilities cover denial of service and authentication bypass on IOS, as well as denial of service and remote code execution on Unified Communications Manager.   Many of these vulnerabilities are considered Critical by Gladiator, since a denial of service on a router would result in loss of Internet access.  Note: Cisco Firewalls do not run Cisco IOS and are not vulnerable to these issues.

GSA Reference Number: AD090909-01

Simply Put: Cisco has announced a new vulnerability in multiple Cisco products, including Cisco ASA and PIX appliances and routers.  The vulnerability covers a resource exhaustion issue with TCP connections, which causes a denial of service.  Some devices may need to be rebooted to fully recover.  This vulnerability is considered Critical by Gladiator. We will be reviewing all CoreDEFENSE-monitored Cisco ASA and PIX devices for susceptibility.

GSA Reference Number: AD090409-01

Simply Put: Cisco has announced a number of newly discovered vulnerabilities in both their Cisco ASA 5500 Series and Cisco PIX Security Appliances running 7.x and 8.x firmware versions.  These vulnerabilities cover SSL and IPSec VPN Connectivity, Access-List Restrictions, and Packet Inspection.  The vulnerabilities in this latest Cisco release are considered critical by Gladiator. We will be reviewing all CoreDefense monitored Cisco ASA and PIX devices for susceptibility.

GSA Reference Number: AD081024-01

Simply Put: Cisco has announced three vulnerabilities in Cisco ASA and PIX devices.  The vulnerabilities cover Windows NT Domain authentication, IPv6, and the Crypto Accelerator. Gladiator will be reviewing all monitored client Cisco devices to determine what IOS version they are running.  If a device is out of date, it will be updated.

GSA Reference Number: AD080926-01

Simply Put: Cisco has announced twelve vulnerabilities in multiple Cisco products.  The vulnerabilities range from denial of service to remote exploitation, for some systems.  The denial of service issues will cause the device to reload, if exploited.  Remote exploitation only affects the Cisco uBR10012 model devices.  For a comprehensive list of affected IOS versions, refer to the Cisco article linked below. Gladiator will be reviewing all monitored client Cisco devices to determine what IOS version they are running.  If a device is out of date, it will be updated.