Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Cisco warns users of new security vulnerabilities on some of its gear

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

February 16, 2016

Earlier today, Cisco has warned its customers of new, medium-level security vulnerabilities on some of its networking equipment.

The first is a security flaw in Cisco's Emergency Responder (CER) software, part of the company's Unified Communications System that can cause issues under specific conditions.

Overall, CER is a purposedly-built communications module for emergency services customers, feeding the location of phones making incoming calls to the emergency service, and automatically tracking when the caller moves from one location to the other.

CER's Web framework code doesn't properly validate input parameters passed on to the Web server, and that opens up the system to a cross-site scripting (XSS) attack, Cisco warns.

“An attacker could exploit this security vulnerability by convincing users to access a malicious link or by intercepting the user request and injecting malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information”, the Cisco advisory asserted.

The vulnerability applies only to Cisco Emergency Responder release 11.5 (0.99833.5), and to date, the company hasn't yet released a fix.

Cisco also announced a denial-of-service (DoS) security vulnerability in its Industrial Ethernet 2000 switches-- a crafted Cisco Discovery Protocol (CDP) packet forces a device reload.

However, there's still some good news to all of this: system admins will be pleased to know that it's not remotely exploitable. You have to be sending the bad packets from an adjacent device for the attack to work.

Source: Cisco.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer