By Eduard Kovacs on November 05, 2015 Cisco has released software updates to address a series of critical and high severity vulnerabilities affecting some of the company’s security and wireless appliances.
The most serious of the flaws disclosed on Wednesday is a command injection vulnerability (CVE-2015-6298) affecting the certificate generation process in the administration web interface of the Cisco Web Security Appliance (WSA). The vulnerability, caused by improper parameter validation, can be exploited by a remote attacker to execute arbitrary commands with root privileges.
The Cisco Web Security Appliance is also affected by a couple of high severity denial-of-service (DoS) vulnerabilities that can be exploited to cause the device to run out of system memory. One of these security bugs affects the file-range request functionality of Cisco AsyncOS (CVE-2015-6293), while the other impacts the AsyncOS proxy cache functionality (CVE-2015-6292). Full Article
Userlevel 7
Cisco is showing good sense on keeping patches updated, hats off to them.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.