Cisco patches three DoS-related flaws

August 16, 2018

Cisco released updates for a trio of products that if exploited could lead to a denial of service (DoS) condition for each.

The first of the three high rated vulnerabilities (CVE-2018-0296) is in Cisco AsyncOS Software for Cisco Web Security Appliances. The flaw could allow an unauthenticated attacker to create a scenario where a device reloads automatically resulting in a DoS condition. There is also a possibility the attacker can stop the reload condition, but all the actor to view sensitive information using directory traversal techniques, Cisco said.

The second issue (CVE-2018-0409) affects XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway. If exploited a malicious actor could cause a temporary service outage for all IM&P users, resulting in a DoS situation.

The final vulnerability (CVE-2018-0296 ) involves Cisco's Adaptive Security Appliance is similar to the first problem in that it can cause unwanted reloads creating a DoS condition and could again allow information to be released, Cisco reported.

Updates that mitigate these flaws are available for all three products.

Cisco patches three DoS-related flaws

Related

7 vulnerabilities patched in Axeda IIoT remote management tool, popular in medical sector

Medical device disclosures on the rise, but providers struggle to patch known flaws

Ransomware anatomy: Dual cyberattacks on provider call for vulnerability review

Get daily email updates