site stats

Cisco patches serious flaws in router and conferencing server software


<!–Cisco patches critical flaws in router and conferencing server Instrument A Large signal on the curb greets arrivals at Constructing 9 of the Cisco Techniques campus in San Jose, California, on Oct. 5, 2015.</p> <p></span></p> <p> Credit:<span></p> <p> Stephen Lawson<br /> </span></p> </figcaption> </figure> <section class="deck"> <h2>The patches restore flaws in Cisco IOS, IOS XR, ASR 5000, WebEx Meetings Server, and Cisco Meeting Server</h2> </section> <div class="modal eml-friend-wrapper" id="emailModal"> <div class="eml-ty eml-friend-success"> <i class="ss-icon ss-delete" /></p> <h3>Thank You</h3> <p class="msg-sent">Your message has been despatched.</p> </p></div> <div class="eml-friend-error"> <i class="ss-icon ss-delete" /></p> <h3>Sorry</h3> <p class="msg-sent">There was an error emailing this web page.</p> </p></div> </div> <section class="bodee"> <p>$(‘#” + slotName + “‘).responsiveAd(screenSize:’971 1115’, scriptTags: []);if (Object.keys(IDG.GPT.companions).size > 0) IDG.GPT.refreshAd(‘” + slotName + “‘);”;<br /> var adDivString = “</p> <p>” + adString + “</p> <p>“;</p> <p> placementDiff = applyInsert($(this), adDivString);<br /> if (debug)<br /> console.log(“Simply placed an Advert and the placementDiff is: ” + placementDiff);</p> <p> placementTarget = cumulativeHeight + placementDiff + interModuleHeight + adHeightBuffer;</p> <p> else<br /> var moduleDivString = “”;<br /> var elementId = “drr-mod-“+moduleCounter;<br /> moduleDivString = “”;<br /> modules.push(elementId);</p> <p> placementDiff = applyInsert($(this), moduleDivString);<br /> if (debug)<br /> console.log(“Just positioned a module and the placementDiff is: ” + placementDiff);</p> <p> placementTarget = cumulativeHeight + placementDiff + interModuleHeight + moduleHeightBuffer;<br /> moduleCounter++;</p> <p> loopCounter++;</p> <p> // Steer Clear Of inserting Parts too soon due to non-large figures inflating the cumulative Height<br /> if ($(this).is(“Determine”) && !$(this).is(“Determine.large”))<br /> cumulativeHeight += grafHeight;</p> <p> else<br /> cumulativeHeight += $(this).Top() + grafHeight;</p> <p> );</p> <p> // clone Associated Tales module to return in after eighth para in article body for Cell breakpoint show<br /> var $relatedStories = $(‘.Associated-promo-wrapper’);<br /> if ($relatedStories.length)<br /> var $relatedStoriesClone = $relatedStories.clone();<br /> $relatedStoriesClone.insertAfter( “#drr-container > p:eq(7)”); </p> <p> // For Cell only, Position Advert after second paragraph.<br /> if (firstMobileAdHtml)<br /> $(firstMobileAdHtml).insertAfter(“#drr-container > p:eq(1)”);</p> <p> var $insiderPromo = $(‘.insider-promo-wrapper’);<br /> if ($insiderPromo.length)<br /> var $insiderPromoClone = $insiderPromo.clone();<br /> $insiderPromoClone.insertAfter( “#drr-container > p:eq(1)”);</p> <p> //Location left facet Part<br /> cumulativeHeight = 0;<br /> var leftPlacementTarget = tagHeight = leftPlacementTarget)<br /> if (debug)<br /> console.log(“congratulations… now we have passed the preliminary Start level”);</p> <p> if (leftPlacementIndex == null)<br /> //it can be Not good enough to Now Not be a left Steer Clear Of – it additionally isn’t a </p> <p> with an straight away preceding small or medium image left Steer Clear Of.<br /> if (!isLeftAvoid($(this)) && noPrevFigures($(this)) )<br /> leftPlacementIndex = $(this).index();<br /> $leftPlacementElement = $(this);<br /> leftPlacementLookaheadStart = cumulativeHeight;<br /> if (debug)<br /> console.log(“shouldn’t be a left Keep Away From and no prev figures. ########## set placementIndex (“+leftPlacementIndex+”) and lookaheadStart (“+leftPlacementLookaheadStart+”) ##########”);</p> <p> else<br /> if (debug)<br /> console.log(“is a left Avoid or has previous figures. proceed”);</p> <p> else<br /> if (debug)<br /> console.log(“#### leftPlacementIndex already set to “+leftPlacementIndex+”. having a look IN ADVANCE…”);</p> <p> //Now Not null; has been set<br /> if ((cumulativeHeight – leftPlacementLookaheadStart) > leftIntervalHeight)<br /> if (debug)<br /> console.log(“###### THRESHOLD REACHED. LOOKAHEAD FULL. Finish ###### (cumulativeHeight – leftPlacementLookaheadStart) (“+(cumulativeHeight-leftPlacementLookaheadStart)+”) > leftIntervalHeight (“+leftIntervalHeight+”).”);</p> <p> return false;<br /> else<br /> if (debug)<br /> console.log(“threshold No Longer reached: (cumulativeHeight – leftPlacementLookaheadStart) (“+(cumulativeHeight-leftPlacementLookaheadStart)+”) tags<br /> if (!(isLeftAvoid($(this)) && ($(this).hasClass(‘small’)<br /> );</p> <p> if (leftPlacementIndex != null && elementNotNearEnd($leftPlacementElement, leftPixelWindow))<br /> if (debug)<br /> console.log(” insert into index “+leftPlacementIndex);</p> <p> $(“#drr-container”).youngsters().eq(leftPlacementIndex).sooner than(“</p> <p>“);</p> <p> IDG.GPT.trackOmniture();</p> <p> // Add Proper rail module content<br /> for (var i=0; i” + adString + “</section> </article> </section> </div> <p>“;</p> <p> function getEpoParams() </p> <p> /**<br /> * @param jqo Authentic jquery object Goal<br /> * @param divString The div to be inserted.<br /> * @return Distinction in Top between Original placement Goal and last Target.<br /> * Tests first 6 Components for an allowable placement (600 pixel window).<br /> * If none, Take A Look At local for Elements that are not Right avoids.<br /> * If none, Location Component earlier than present Target.<br /> */<br /> function applyInsert(jqo, divString) jqo.hasClass(‘fullwidth’))<br /> if (debug)<br /> console.log(“isRightAvoid: discovered product listing or fullwidth product sidebar”);</p> <p> return true;</p> <p> return false;</p> <p> // Return authentic if Part has Type ‘reject’: will not Position drr modules/commercials next to those Elements<br /> operate isRightReject(jqo)<br /> console.log(“in isRightReject”);<br /> if (jqo != null)<br /> if (jqo.hasClass(“reject”))<br /> if (debug)<br /> console.log(“isRightReject: found ‘reject’ Category”);</p> <p> return authentic;</p> <p> return false;</p> <p> return false;</p> <p> // Returns authentic if Top of all Parts after this one is greater than 500; false otherwise<br /> operate elementNotNearEnd(Part, pixelWindow)<br /> if (pixelWindow == null)<br /> pixelWindow = 500;</p> <p> if (Element == null)<br /> return false;</p> <p> var remainingHeight = 0;<br /> var children = $(“#drr-container”).youngsters().slice(Component.index());<br /> if (youngsters == null)<br /> return false;</p> <p> children.EACH(operate(i)<br /> remainingHeight += $(this).Peak();<br /> );<br /> if ( remainingHeight > pixelWindow)<br /> return real;</p> <p> else<br /> if (debug)<br /> console.log(“Part too on the subject of End. Final Top is: ” + remainingHeight + ” and window is ” + pixelWindow); </p> <p> return false;</p> <p> /**<br /> * Return authentic if need to Avoid this Part when inserting left module.<br /> */<br /> operate isLeftAvoid(jqo)<br /> if (jqo.is(“Figure”))<br /> if (debug)<br /> console.log(“isLeftAvoid: found Determine. return actual”);</p> <p> return authentic;</p> <p> if (jqo.is(“aside.pullquote”))<br /> if (debug)<br /> console.log(“isLeftAvoid: found pullquote. return real”);</p> <p> return actual;</p> <p> if (jqo.is(“pre”))<br /> if (debug)<br /> console.log(“isLeftAvoid: found pre. return actual”);</p> <p> return actual;</p> <p> if (jqo.is(“div.gist”))<br /> if (debug)<br /> console.log(“isLeftAvoid: found github code block. return genuine”);</p> <p> return genuine;</p> <p> if (jqo.is(“aside”) && jqo.hasClass(“sidebar”) && jqo.hasClass(“medium”))<br /> if (debug)<br /> console.log(“isLeftAvoid: discovered medium sidebar. return genuine”);</p> <p> return actual;</p> <p> if (jqo.hasClass(“statsTable”))<br /> if (debug)<br /> console.log(“isLeftAvoid: found Type statsTable. return authentic”);</p> <p> return actual;</p> <p> if (jqo.hasClass(“product-sidebar”) && jqo.No Longer(“.fullwidth”).length > 0)<br /> if (debug)<br /> console.log(“isLeftAvoid: found Type product-sidebar. return true”);</p> <p> return proper;</p> <p> return false;</p> <p> /**<br /> * return proper if there are not any figures earlier than the Goal placement that might bleed down into placement Component<br /> */<br /> function noPrevFigures($originalTarget)<br /> var targetIndex = $originalTarget.index();<br /> var numElementsLookBack = 5;<br /> var figureIndex = null;<br /> var figureHeight = null;<br /> var startIndex = targetIndex – numElementsLookBack </p> <div id="drr-container"> <p>Cisco Systems launched patches this week for a couple of vulnerabilities in its IOS Device for networking units and the Cisco and WebEx conferencing servers.</p> <p>Probably The Most serious vulnerability affects the Cisco IOS XR Tool for the Cisco Community Convergence System (NCS) 6000 Series Routers. It May Well lead to a denial-of-service situation, leaving affected gadgets in a nonoperational state.</p> <p>Unauthenticated, faraway attackers can Make The Most the vulnerability through initiating quite a few Management connections to an affected software over the Secure Shell (SSH), Steady Reproduction Protocol (SCP), or Secure FTP (SFTP).</p> <p>As A Result Of It May Possibly impact the provision of a very important piece of kit, like a router, Cisco has rated this vulnerability as high severity. There Is Not Any workaround and buyers are instructed to put in the newly launched patches.</p> <p><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ios-xr" target="new">Another flaw fixed within the Cisco IOS XR Device could allow attackers to execute arbitrary commands on the operating Gadget with root privileges. This vulnerability impacts IOS XR Instrument Release 6.0.1.BASE and used to be rated medium severity because the attacker must be authenticated as a local user.</p> <p>A denial-of-carrier vulnerability was additionally fixed within the Cisco IOS Software. It May Be used to crash devices running affected versions of the Device via sending specially crafted Link Layer Discovery Protocol (LLDP) packets to them. Exploitation does not require authentication, however requires the attacker to be ready to send LLDP packets.</p> <p>The firmware of Cisco ASR 5000 Collection carrier-Category platform which is utilized in 3G and LTE networks received an replace that fixes an insecure SNMP (Simple Community Administration Protocol) implementation. The weak spot would have allowed attackers to learn and adjust the device configuration.</p> <p>Cisco’s Assembly servers had been also the focal point of this week’s patch releases. One vulnerability in the HTTP interface of the Cisco Meeting Server, previously Acano Conferencing Server, will have allowed attackers to launch persistent cross-web site scripting (XSS) assaults towards customers of the interface.</p> <p>Attackers could Exploit this flaw via tricking users to click on on maliciously crafted hyperlinks and could then execute rogue JavaScript code of their browsers in the context of the Cisco Meeting Server interface. This will be used to steal authentication cookies or to drive them to function unauthorized movements.</p> <p>Two XSS vulnerabilities have been also fastened in the Cisco WebEx Conferences Server version 2.6, <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms1" target="new">one in its administration interface and one in the user interface. Both can be exploited by means of tricking users to discuss with specially crafted links and could lead to further attacks.</p> <p>The Cisco WebEx Conferences Server also acquired patches for an SQL injection vulnerability that might enable attackers to extract information from its database and for a command injection flaw.</p> </div> <div class="byline vcard author end-byline"> <p><img class="bylineImage imgId100258922 " src="http://greattodaynews.com/wp-content/uploads/2016/07/1468600758_lucian_constantin-100258922-byline.jpg" alt="Lucian Constantin" /></p> <p> <!-- end .author-info --></p> </div> <p><!-- blx4 #1218 blox4.html --></p> <div class="article-intercept"> <a href="http://www.cio.com/article/2847396/it-skills/8-free-online-courses-to-grow-your-tech-skills.html#tk.cross_2cio_intrcpt"><br /> <i class="ss-icon ss-navigateright" /><em> From CIO:</em> 8 Free On-line Lessons to Grow Your Tech Skills<br /> </a></p></div> <p> <!-- /.bodee --></p> <section id="funnel"> <section class="popular-brand-cols"> <section class="popular-col"><!-- /.promo --><br /> <!-- ./promo newsletter --></p> </section> <section class="brand-col"> </section> </section> <section class="featured-col"><!-- blx4 #937 blox4.simple --></p> </section> </section> <p> <!-- /role=main --><!-- /#page-wrapper --></p> <footer> <section class="brand"><span class="logo">InfoWorld</span><br /> <span class="tagline"> </span></p> <p> <span class="follow"><br /> <label>Practice us</label><br /> </span></p> </section> <section class="topics"> <nav id="ft1" /> <nav id="ft2" /></section> <section class="about"> </section> <section class="copyright"> <div class="wrapper"> <p>Copyright © 1994 – 2016 InfoWorld, Inc. All rights reserved.</p> <div class="network"> <div id="network-selector"> <p>Explore the IDG Community <i class="ss-icon tick">descend</i></p> </p></div> <p><!-- /#network-selector --> </div> <p><!-- /.network --> </div> <p><!-- /.wrapper --><br /> </section> </footer> <p><!-- Begin welcome ad overlay - gpt-overlay position --><br /> <!-- End welcome ad overlay - gpt-overlay position --></p> <p> <!-- Begin gpt-skin/gpt-pin/inread --></p> <p> <!-- End gpt-skin/gpt-pin/inread --> </p> <p><!-- Begin BlueKai Tag --></p> <p><!-- CryptoJS --></p> <p><!-- End BlueKai Tag --></p> <p><!-- START Nielsen Online SiteCensus? V6.0 --><br /> <!-- COPYRIGHT 2010 Nielsen Online --></p> <p><!-- END Nielsen Online SiteCensus? V6.0 --></p> <p><!-- SiteCatalyst code version: H.26.2. Copyright 1996-2013 Adobe, Inc. All Rights Reserved More info available at http://www.omniture.com --></p> <p><img src="http://idgenterprise.d1.sc.omtrdc.net/b/ss/infoworld-production/1/H.25--NS/0" height="1" width="1" border="0" alt="" /><!--/DO NOT REMOVE/--><br /> <!-- End SiteCatalyst code version: H.26.2. --></p></div> <p><br /> <br /><a href="http://www.infoworld.com/article/3096104/networking/cisco-patches-serious-flaws-in-router-and-conferencing-server-software.html#tk.rss_all">Supply Hyperlink </a></p> <div class="clear"></div> </div><!-- /entry --> <div id="comments"> <p> You must be logged in to post a comment <a href="http://greattodaynews.com/wp-login.php?redirect_to=http%3A%2F%2Fgreattodaynews.com%2Fcisco-patches-serious-flaws-in-router-and-conferencing-server-software%2F"> Login </a> </p> </div><!-- #comments --> </div><!-- /main --> <div id="sidebar"> <div class="sidebarinner"> </div><!-- .sidebarinner --> </div><!-- /sidebar --> </div><!-- /container --></div><!-- end of wrapper --> <div id="footer"> <div id="foo_widget1"> <div id="flickr-widget-3" class="widget flickr_widget"><div class="widgetinner"><h3 class="widgettitle">Flickr Photo Stream</h3> <script type="text/javascript" src="http://www.flickr.com/badge_code_v2.gne?count=10&display=random&layout=x&source=all_tag&tag=&size=s"></script><div class="clear"></div></div></div> </div> <div id="foo_widget2"> <div id="recent-posts-3" class="widget widget_recent_entries"><div class="widgetinner"> <h3 class="widgettitle">Recent Posts</h3> <ul> <li> <a href="http://greattodaynews.com/nigeria-amnesty-international-accuses-nigerian-security-forces-of-widespread-abuses/">Nigeria: Amnesty International Accuses Nigerian Security Forces of Widespread Abuses</a> </li> <li> <a href="http://greattodaynews.com/retired-nyc-sanitation-worker-makes-285k-a-year-from-pension/">Retired NYC sanitation worker makes $285K a year from pension</a> </li> <li> <a href="http://greattodaynews.com/billy-graham-dies-americas-pastor-adviser-to-presidents/">Billy Graham dies: ‘America’s Pastor,’ adviser to presidents</a> </li> <li> <a href="http://greattodaynews.com/woman-who-cared-for-florida-gunman-reportedly-wants-to-control-his-inheritance/">Woman who cared for Florida gunman reportedly wants to control his inheritance</a> </li> <li> <a href="http://greattodaynews.com/domestic-abuse-guidelines-recommend-tougher-sentences/">Domestic abuse: Guidelines recommend tougher sentences</a> </li> </ul> </div></div> </div> </div> <div id="footer_data"> <ul class="footerpages"> <li class="first"><a href="http://greattodaynews.com/" title="Great Today News">Home</a></li> <li class="page_item page-item-6"><a href="http://greattodaynews.com/privacy-policy/">Privacy Policy</a></li> <li class="page_item page-item-195"><a href="http://greattodaynews.com/contact/">Contact Us</a></li> <li class="page_item page-item-198"><a href="http://greattodaynews.com/video-gallery/">Video Gallery</a></li> <li class="page_item page-item-201"><a href="http://greattodaynews.com/sitemap/">Sitemap</a></li> <li><a rel="nofollow" href="http://greattodaynews.com/feed/">RSS</a></li> <li class="right"><a href="#top" title="Great Today News" rel="home"><strong>↑</strong> Great Today News</a></li> </ul> <div class="clear"></div> <p id="footer-left-side"> <a href="http://greattodaynews.com/" title="Great Today News" rel="home">Great Today News</a> </p><!-- #site-info --> <p id="footer-right-side"> <a href="http://greattodaynews.com/wp-login.php">Log in</a> - Designed by <a href="http://www.greattodaynews.com/" title="Today News">Today News</a> <script type='text/javascript' src='http://greattodaynews.com/wp-includes/js/comment-reply.min.js?ver=4.9.4'></script> <script type='text/javascript'> /* <![CDATA[ */ var wpcf7 = {"apiSettings":{"root":"http:\/\/greattodaynews.com\/wp-json\/contact-form-7\/v1","namespace":"contact-form-7\/v1"},"recaptcha":{"messages":{"empty":"Please verify that you are not a robot."}},"cached":"1"}; /* ]]> */ </script> <script type='text/javascript' src='http://greattodaynews.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0'></script> <script type='text/javascript' src='http://greattodaynews.com/wp-includes/js/wp-embed.min.js?ver=4.9.4'></script> </p> <!-- #footer-right-side --> </div><!-- /footer_data --> <div class="hide"> <div id="adv_here"> <h3 class="widgettitle">Widgetized Section</h3> <p>Go to Admin » appearance » Widgets » and move a widget into Advertise Widget Zone</p> </div> </div> <!-- Quantcast Tag --> <script type="text/javascript"> var _qevents = _qevents || []; (function() { var elem = document.createElement('script'); elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js"; elem.async = true; elem.type = "text/javascript"; var scpt = document.getElementsByTagName('script')[0]; scpt.parentNode.insertBefore(elem, scpt); })(); _qevents.push({ qacct:"p-XSTdT3wyH_FGD" }); </script> <noscript> <div style="display:none;"> <img src="//pixel.quantserve.com/pixel/p-XSTdT3wyH_FGD.gif" border="0" height="1" width="1" alt="Quantcast"/> </div> </noscript> <!-- End Quantcast tag --> </body> </html> <!-- Performance optimized by W3 Total Cache. Learn more: https://www.w3-edge.com/products/ Page Caching using disk: enhanced Served from: greattodaynews.com @ 2018-02-22 07:15:37 by W3 Total Cache -->