-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0121
Title: Multiple Updates Available for CISCO Products [1,2,3]
Version history: 16.10.2012 Initial publication

Summary
=======

CISCO has published multiple updates for their products that fix several vulnerabilities:

1) Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module [1]:
CVE-2012-4643, CVE-2012-4659, CVE-2012-4660, CVE-2012-4661, CVE-2012-4662, CVE-2012-4663

2) Multiple Vulnerabilities in Cisco Firewall Services Module [2]:
CVE-2012-4661, CVE-2012-4662 and CVE-2012-4663

3) Multiple Vulnerabilities in the Cisco WebEx Recording Format Player [3]:
CVE-2012-3936, CVE-2012-3937, CVE-2012-3938, CVE-2012-3939, CVE-2012-3940, CVE-2012-3941

Vulnerable systems
==================

1) Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module [1]:

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Catalyst 6500 Series ASA Services Module

Affected versions of Cisco ASA Software vary depending on the specific vulnerability. Consult the "Software Versions and Fixes" section of [1] for more information about the affected versions.

Cisco PIX Security Appliances

Cisco PIX has reached end of software maintenance. Cisco PIX Security Appliance customers are encouraged to migrate to Cisco ASA 5500 Series Adaptive Security Appliances. Consult the dedicated section for Cisco PIX Security Appliances in the "Vulnerable Products" section of [1] for more information about affected versions.

2) Multiple Vulnerabilities in Cisco Firewall Services Module [2]:

The Cisco FWSM for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers

The affected versions of the Cisco FWSM vary depending on the specific vulnerability. See [2] for details.
3) Multiple Vulnerabilities in the Cisco WebEx Recording Format Player [3]:

Cisco WebEx WRF Player

The following client builds of Cisco WebEx Business Suite (WBS 27 and WBS 28) are affected by at least one of the vulnerabilities described in this advisory:

- - T28 client builds prior to T28.4 (28.4)
- - T27 client builds prior to T27LDSP32EP10 (27.32.10)

Original Details
================

1) Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module:

Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities:

- - DHCP Memory Allocation Denial of Service Vulnerability
- - SSL VPN Authentication Denial of Service Vulnerability
- - SIP Inspection Media Update Denial of Service Vulnerability
- - DCERPC Inspection Buffer Overflow Vulnerability
- - Two DCERPC Inspection Denial of Service Vulnerabilities

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the affected device. Exploitation of the DCERPC Inspection Buffer Overflow Vulnerability could additionally cause a stack overflow and possibly the execution of arbitrary commands.

2) Multiple Vulnerabilities in Cisco Firewall Services Module:

The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities:

- - DCERPC Inspection Buffer Overflow Vulnerability
- - DCERPC Inspection Denial of Service Vulnerabilities

These vulnerabilities are not interdependent; a release that is affected by one vulnerability is not necessarily affected by the other.
Exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to trigger a reload of the affected device, or to execute arbitrary commands. Repeated exploitation could result in a denial of service (DoS) condition.

3) Multiple Vulnerabilities in the Cisco WebEx Recording Format Player:

The Cisco WebEx Recording Format (WRF) player contains six buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of the targeted user.

The Cisco WebEx WRF Player is an application used to play back WRF WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The Cisco WebEx WRF Player can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The Cisco WebEx WRF Player can also be manually installed for offline playback after downloading the application from http://www.webex.com/play-webex-recording.html.

If the Cisco WebEx WRF Player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the Cisco WebEx WRF Player was manually installed, users will need to manually install a new version of the Cisco WebEx WRF Player after downloading the latest version from http://www.webex.com/play-webex-recording.html. Manually installed copies therefore stay vulnerable until someone updates them; they will not be fixed by a visit to a WebEx meeting site.

What can you do?
================

1) Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM):

Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of these vulnerabilities. This advisory is available in [1].

2) Multiple Vulnerabilities in Cisco Firewall Services Module:

Cisco has released free software updates that address these vulnerabilities.
There are no workarounds that mitigate these vulnerabilities. [2]

3) Multiple Vulnerabilities in the Cisco WebEx Recording Format Player:

Cisco has updated affected versions of the WebEx meeting sites and the Cisco WebEx WRF Player to address these vulnerabilities. [3]

What to tell your users?
========================

N/A

More information
================

[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa
[2] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-fwsm
[3] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex
[4] http://cve.mitre.org/

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJQfVSXAAoJEPpzpNLI8SVodx8P/jHz5e0lAEU2bdAPkjsRpNXz
zTAh7+npKnU7w8RER5POMR2+VFHCyLzvs88bhNEeFWiGiG5AQP5O8QNCMJ2lMZvk
QFTL8Z8b4Aocp5PpSN8z557KseQXcdjjubTUwedsfj6Qqp/WUFR7Q/yvbbI7IpAT
2ZuVAmSjeRnOffoh0jigAisYKToK+3aiio5H6nd9WTfUMg1//t5UK6NnpsIeQbMt
b/naRFHnoe2Yu3aUfoDK9OwGLqIERBUNdbdsXiriJKy+svCbWgvLBWMymPCR0PAH
YPNOUQ1RG7Ho4D2JoyvaiZQLK/koz8uRjiMypggnn7CXYYbjxDu9JBlILUWJyXBk
Q8YfqhDsNdTf/pO1PD909Ur1w0PDahDRmAZX9xJ9qqffuIdGjkkYBRx4gKEC2q2x
3N1PW5SadEhQ84Db/DqBpRcjjskQFAK8HHkEblPpSruGnWbjPCj04CL2tAFI0fBx
Rdup6655lYYVlL44VHI/bSW6K6Gc96UBZoGY/IcqvDsvwyFat6gClaHGK/t5VSEz
qG8uaOhq08EzN6XrwJVaATRdBVXK9zZ89IH4vlRuvGo/kw5YPuHrl3fxjQfiM/Ef
DxGn53ueHAZ8U7ZXArUhpbx1ch7OXGLglUANRIDMOGQ8YI3qHArEI8tSIxUvwlnF
GFHIt450/1uvRwItShzO
=Oj81
-----END PGP SIGNATURE-----
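Editor's added example (placed outside the signed message; this is not code from CERT-EU or Cisco). The "Vulnerable systems" entry for the WebEx WRF Player gives only two thresholds, T28 builds prior to T28.4 (28.4) and T27 builds prior to T27LDSP32EP10 (27.32.10), and the "What can you do?" entry notes that manually installed players are not auto-updated, so an inventory of installed client builds is the practical way to find stragglers. The script below turns those two thresholds into a triage check over a constructed list of build strings. Everything beyond the advisory's two fixed builds is an assumption made here: the mapping of the internal name T27LDSP32EP10 onto 27.32.10 is generalised from that single example (SPnn and EPnn taken as the second and third components), trains other than WBS 27/28 are reported as not covered rather than guessed at, and the sample inventory is invented.

```python
"""Added example, not part of the CERT-EU advisory or Cisco's tooling:
classify Cisco WebEx client builds against the fixed builds the advisory
names, T28.4 (28.4) for the T28 train and T27LDSP32EP10 (27.32.10) for
the T27 train. Trains outside those two are reported as "not covered"."""
import re
from typing import Optional

# First fixed build per client train, exactly as stated in the advisory.
FIXED_BUILDS = {
    28: (28, 4),
    27: (27, 32, 10),
}

# Dotted form: "T28.4", "28.4", "27.32.10", "T27.32.10".
_DOTTED_RE = re.compile(r"^T?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")
# Internal name form. ASSUMPTION: the advisory equates T27LDSP32EP10 with
# 27.32.10; we generalise that one example by reading SPnn and EPnn as the
# second and third dotted components. Cisco does not document this here.
_INTERNAL_RE = re.compile(r"^T(\d+)[A-Z]*?SP(\d+)EP(\d+)$")


def parse_build(build: str) -> tuple:
    """Return the build as a tuple of ints, e.g. 'T27LDSP32EP10' -> (27, 32, 10)."""
    text = build.strip().upper()
    m = _INTERNAL_RE.match(text) or _DOTTED_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised WebEx build string: {build!r}")
    return tuple(int(g) for g in m.groups() if g is not None)


def is_vulnerable(build: str) -> Optional[bool]:
    """True if the build is older than the fixed build of its train,
    False if it is at or beyond the fix, None if the train is not covered
    by the advisory (for example a WBS 26 or WBS 29 build)."""
    parsed = parse_build(build)
    fixed = FIXED_BUILDS.get(parsed[0])
    if fixed is None:
        return None
    # Tuple comparison is lexicographic, so a bare "T28" (28,) sorts below
    # (28, 4) and "28.4.1" (28, 4, 1) sorts above it, which is what we want.
    return parsed < fixed


def triage(builds) -> dict:
    """Bucket observed builds (e.g. from an endpoint inventory export) into
    'vulnerable', 'fixed', 'not_covered' and 'unparseable'."""
    report = {"vulnerable": [], "fixed": [], "not_covered": [], "unparseable": []}
    for b in builds:
        try:
            verdict = is_vulnerable(b)
        except ValueError:
            report["unparseable"].append(b)
            continue
        key = {True: "vulnerable", False: "fixed", None: "not_covered"}[verdict]
        report[key].append(b)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; these strings are not from the advisory.
    sample = ["T28.3", "28.4", "T27LDSP32EP10", "27.31.9", "T26.49", "build-unknown"]
    for bucket, items in triage(sample).items():
        print(f"{bucket:12s} {items}")
```

Anything landing in the "unparseable" bucket should be looked at by hand rather than ignored, since an odd build string is more often a manually installed player than a harmless anomaly.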