Cisco patches three DoS-related flaws

Cisco released updates for a trio of products to fix vulnerabilities that, if exploited, could lead to a denial-of-service (DoS) condition in each.

The first of the three high-rated vulnerabilities (CVE-2018-0296) is in Cisco AsyncOS Software for Cisco Web Security Appliances. The flaw could allow an unauthenticated attacker to create a scenario where a device reloads automatically, resulting in a DoS condition. There is also a possibility the attacker can stop the reload condition but then be able to view sensitive information using directory traversal techniques, Cisco said.

The second issue (CVE-2018-0409) affects the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway. If the flaw is exploited, a malicious actor could cause a temporary service outage for all IM&P users, resulting in a DoS situation.

The final vulnerability (CVE-2018-0296) involves Cisco's Adaptive Security Appliance and is similar to the first problem in that it can cause unwanted reloads, creating a DoS condition, and could again allow information to be released, Cisco reported.

Updates that mitigate these flaws are available for all three products.
