SB2012050201 - Multiple vulnerabilities in Nextcloud ios

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2012-0338)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113.

2) Input validation error (CVE-ID: CVE-2012-0339)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774.

3) Input validation error (CVE-ID: CVE-2011-2586)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.

Remediation

Install update from vendor's website.

References

• http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXH_rebuilds.html
• http://www.securitytracker.com/id?1027005
• https://supportforums.cisco.com/thread/2030226
• http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/caveats_SXF_rebuilds.html
• http://tools.cisco.com/security/center/viewAlert.x?alertId=24436